DEPENDENT TYPES AND EXPLICIT SUBSTITUTIONS

CÉSAR MUÑOZ*

Abstract. We present a dependent-type system for a $\lambda$-calculus with explicit substitutions. In this system, meta-variables, as well as substitutions, are first-class objects. We show that the system enjoys properties like type uniqueness, subject reduction, soundness, confluence and weak normalization.

Key words. explicit substitutions, dependent types, lambda-calculus

Subject classification. Computer Science

1. Introduction. Since the $\lambda\sigma$-calculus of explicit substitutions was introduced in [1], several other variants of explicit substitution calculi have been proposed; among others [38, 27, 20, 4, 28, 7, 24, 31, 10, 33]. By using substitutions as first-class objects, and de Bruijn indices notation for variables, the $\lambda\sigma$-calculus allows a first-order encoding of the $\lambda$-calculus. In consequence, technical nuisances due to higher-order aspects of the $\lambda$-calculus, for example $\alpha$-conversion, can be minimized or eliminated in explicit substitution calculi. For instance, higher-order unification problems have been reformulated in a first-order setting via some variants of $\lambda\sigma$ [8, 9, 25, 5].

However, explicit substitutions are not free of difficulties. Typed versions of these calculi lead to unexpected problems. It is well known now that $\lambda\sigma$ does not preserve strong normalization [30], that is, well-typed terms may not terminate in $\lambda\sigma$. Furthermore, as a rewrite system, $\lambda\sigma$ is not confluent on open terms [7].

In constructive logic, explicit substitutions and open terms form a framework to represent incomplete proofs, i.e., proofs under development [29, 32]. In this approach, meta-variables are place-holders in a proof-term, and an explicit substitution notation is necessary to delay the application of substitutions to meta-variables waiting to be instantiated. Meta-variables have also been used as unification variables in the higher-order unification methods presented in [8, 9, 25].

In order to apply explicit substitution techniques in a dependent-type framework, we develop a $\lambda$-calculus of explicit substitutions, called $\lambda\Pi_{\mathcal{L}}$, with dependent types and support for meta-variables.

The rest of this section gives an overview of the dependent-type theory in which we are interested, and of the simply-typed version of $\lambda\sigma$. We finish the section with a discussion of the main difficulties in setting the $\lambda\sigma$-calculus in a dependent-type theory. In Section 2 we present the $\lambda\Pi_{\mathcal{L}}$-calculus. Just as the $\lambda$-calculus extended with the $\eta$-rule, which is not confluent on terms with type annotations (not necessarily well-typed), $\lambda\Pi_{\mathcal{L}}$ is not confluent due to type annotations on substitutions. However, using a technique proposed by Geuvers in [11], we prove that it is confluent on well-typed expressions. We show how to adapt Geuvers' technique to $\lambda\Pi_{\mathcal{L}}$ in Section 3. In Section 4 we show the elementary typing properties of $\lambda\Pi_{\mathcal{L}}$: sort soundness, type uniqueness, subject reduction and soundness. In Section 5 we prove the main properties of well-typed $\lambda\Pi_{\mathcal{L}}$-expressions: weak normalization, Church-Rosser, and confluence. In the last section we discuss related work and summarize our work.

* Institute for Computer Applications in Science and Engineering, Mail Stop 132C, NASA Langley Research Center, Hampton, VA 23681-2199, email: munoz@icase.edu. This research was supported by INRIA - Rocquencourt while the author was an international fellow at the INRIA institute, and by the National Aeronautics and Space Administration under NASA Contract NAS1-97046 while he was in residence at the Institute for Computer Applications in Science and Engineering (ICASE), NASA Langley Research Center, Hampton, VA 23681-2199.
1.1. Dependent types. The Dependent Type theory, namely $\lambda\Pi$ [18], is a conservative extension of the simply-typed $\lambda$-calculus. It allows a finer stratification of terms by generalizing the function space type. In fact, in $\lambda\Pi$, the type of a function $\lambda x{:}A.M$ is $\Pi x{:}A.B$ where $B$ (the type of $M$) may depend on $x$. Hence, the type $A \rightarrow B$ of the simply-typed $\lambda$-calculus is just a notation in $\lambda\Pi$ for the product $\Pi x{:}A.B$ where $x$ does not appear free in $B$.

From a logical point of view, the $\lambda\Pi$-calculus allows representation of proofs in first-order intuitionistic logic using universal quantification. Via the types-as-proofs principle, a term of type $\Pi x{:}A.B$ is a proof-term of the proposition $\forall x{:}A.B$.

Terms in $\lambda\Pi$ can be variables, applications $(M\ N)$, abstractions $\lambda x{:}A.M$, products $\Pi x{:}A.B$, or one of the sorts $\mathit{Type}$, $\mathit{Kind}$.¹ Notice that terms and types belong to the same syntactical category. Thus, $\Pi x{:}A.B$ is a term, as well as $\lambda x{:}A.M$. However, terms are stratified in several levels according to a type discipline. For instance, given an appropriate context of variable declarations, $\lambda x{:}A.M : \Pi x{:}A.B$, $\Pi x{:}A.B : \mathit{Type}$, and $\mathit{Type} : \mathit{Kind}$. The term $\mathit{Kind}$ cannot be typed in any context, but it is necessary since a circular typing such as $\mathit{Type} : \mathit{Type}$ leads to Girard's paradox [15].

Typing judgments in $\lambda\Pi$ have the form

$\Gamma \vdash M : A$

where $\Gamma$ is a context of variable declarations, that is, a set of type assignments for free variables. We use the Greek letters $\Gamma, \Delta$ to range over contexts. Since types may be ill-typed, typing judgments for valid contexts are also necessary. The notation

$\vdash \Gamma$

captures that the types in $\Gamma$ are well-typed. The $\lambda\Pi$-type system is given in Fig. 1.1.

In a higher-order logic such as $\lambda\Pi$, it may happen that two syntactically different types become identical via $\beta$-conversion. Rule (Conv) uses the equivalence relation $=_\beta$, which is defined as the reflexive and transitive closure of the relation induced by the $\beta$-rule: $(\lambda x{:}A.M\ N) \rightarrow M[N/x]$. We recall that $M[N/x]$ is just a notation for the atomic substitution of the free occurrences of $x$ in $M$ by $N$, with renaming of bound variables in $M$ when necessary.

1.2. Explicit substitutions and simple types. The $\lambda\sigma$-calculus [1] is a first-order rewrite system with two sorts of expressions: terms and substitutions.

Simple types are generated from a denumerable set of basic types $a, b, \ldots$ and their functional closure, i.e., if $A, B$ are simple types, then $A \rightarrow B$ is also a simple type. Well-formed expressions in the simply-typed $\lambda\sigma$-calculus are defined by the following grammar:

Terms $M, N ::= 1 \mid (M\ N) \mid \lambda_A.M \mid M[S]$

Substitutions $S, T ::= \mathit{id} \mid \uparrow \mid M \cdot S \mid S \circ T$

Types $A, B ::= a, b, \ldots \mid A \rightarrow B$

In $\lambda\sigma$, free and bound variables are represented by de Bruijn indices. They are encoded by means of the constant $1$ and the substitution $\uparrow$. We write $\uparrow^n$ as a shorthand for $\underbrace{\uparrow \circ \cdots \circ \uparrow}_{n\text{-times}}$. We overload the notation $i$ to

¹ The names $\mathit{Type}$ and $\mathit{Kind}$ are not standard; other pairs of names used in the literature are: (Set, Type), (Prop, Type) and $(\ast, \square)$.
$\vdash \emptyset$ (Empty)

$\dfrac{\Gamma \vdash A : s \quad s \in \{\mathit{Kind}, \mathit{Type}\} \quad x \text{ is a fresh variable}}{\vdash \Gamma \cup \{x{:}A\}}$ (Var-Decl)

$\dfrac{\vdash \Gamma}{\Gamma \vdash \mathit{Type} : \mathit{Kind}}$ (Type)

$\dfrac{\vdash \Gamma \quad (x{:}A) \in \Gamma}{\Gamma \vdash x : A}$ (Var)

$\dfrac{\Gamma \vdash A : \mathit{Type} \quad x \text{ does not appear in } \Gamma \quad \Gamma \cup \{x{:}A\} \vdash B : s \quad s \in \{\mathit{Kind}, \mathit{Type}\}}{\Gamma \vdash \Pi x{:}A.B : s}$ (Prod)

$\dfrac{\Gamma \vdash A : \mathit{Type} \quad x \text{ does not appear in } \Gamma \quad \Gamma \cup \{x{:}A\} \vdash M : B \quad \Gamma \cup \{x{:}A\} \vdash B : s \quad s \in \{\mathit{Kind}, \mathit{Type}\}}{\Gamma \vdash \lambda x{:}A.M : \Pi x{:}A.B}$ (Abs)

$\dfrac{\Gamma \vdash M : \Pi x{:}A.B \quad \Gamma \vdash N : A}{\Gamma \vdash (M\ N) : B[N/x]}$ (Appl)

$\dfrac{\Gamma \vdash M : A \quad \Gamma \vdash B : s \quad s \in \{\mathit{Kind}, \mathit{Type}\} \quad A =_\beta B}{\Gamma \vdash M : B}$ (Conv)

Fig. 1.1. The $\lambda\Pi$-system


represent the $\lambda\sigma$-term corresponding to the index $i$, i.e.,

$i = \begin{cases} 1 & \text{if } i = 1 \\ 1[\uparrow^n] & \text{if } i = n + 1. \end{cases}$


An explicit substitution denotes a mapping from indices to terms. Thus, $\mathit{id}$ maps each index $i$ to the term $i$; $\uparrow$ maps each index $i$ to the term $i + 1$; $S \circ T$ is the composition of the mapping denoted by $T$ with the mapping denoted by $S$ (notice that the composition of substitutions follows a reverse order with respect to the usual notation of function composition); and finally, $M \cdot S$ maps the index $1$ to the term $M$ and, recursively, the index $i + 1$ to the term mapped by the substitution $S$ on the index $i$.

A context in $\lambda\sigma$ is a list of types. The empty context is written $\varepsilon$. A context with head $A$ and rest $\Gamma$ is written $A.\Gamma$. In that case, $A$ is the type of the index $1$, the head of $\Gamma$ (if $\Gamma$ is not empty) is the type of the index $2$, and so on.

The type of a substitution is a context. This choice seems natural since substitutions denote mappings from indices to terms, and contexts are lists of types. In fact, if the type of a substitution $S$ is the context $A.\Delta$, the type of the term mapped by the substitution $S$ on the index $1$ is $A$, and so on for the rest of the indices. Typing judgments for substitutions in $\lambda\sigma$ have the form:

$\Gamma \vdash S \triangleright \Delta.$

The $\lambda\sigma$-calculus and its typing rules are presented in Fig. 1.2. When meta-variables of terms are considered, an additional typing rule is necessary to state that each meta-variable is typed in a unique





$(\lambda_A.M\ N) \rightarrow M[N \cdot \mathit{id}]$ (Beta)
$(M\ N)[S] \rightarrow (M[S]\ N[S])$ (Application)
$(\lambda_A.M)[S] \rightarrow \lambda_A.M[1 \cdot (S \circ \uparrow)]$ (Lambda)
$M[S][T] \rightarrow M[S \circ T]$ (Clos)
$1[M \cdot S] \rightarrow M$ (VarCons)
$M[\mathit{id}] \rightarrow M$ (Id)
$(S_1 \circ S_2) \circ T \rightarrow S_1 \circ (S_2 \circ T)$ (Ass)
$(M \cdot S) \circ T \rightarrow M[T] \cdot (S \circ T)$ (Map)
$\mathit{id} \circ S \rightarrow S$ (Idl)
$S \circ \mathit{id} \rightarrow S$ (Idr)
$\uparrow \circ (M \cdot S) \rightarrow S$ (ShiftCons)
$1 \cdot \uparrow \rightarrow \mathit{id}$ (VarShift)
$1[S] \cdot (\uparrow \circ S) \rightarrow S$ (SCons)

$A.\Gamma \vdash 1 : A$ (Var)

$\dfrac{A.\Gamma \vdash M : B}{\Gamma \vdash \lambda_A.M : A \rightarrow B}$ (Abs)

$\dfrac{\Gamma \vdash M : A \rightarrow B \quad \Gamma \vdash N : A}{\Gamma \vdash (M\ N) : B}$ (Appl)

$\dfrac{\Gamma \vdash S \triangleright \Delta \quad \Delta \vdash M : A}{\Gamma \vdash M[S] : A}$ (Clos)

$\Gamma \vdash \mathit{id} \triangleright \Gamma$ (Id)

$\dfrac{\Gamma \vdash S \triangleright \Delta_1 \quad \Delta_1 \vdash T \triangleright \Delta_2}{\Gamma \vdash T \circ S \triangleright \Delta_2}$ (Comp)

$A.\Gamma \vdash \uparrow \triangleright \Gamma$ (Shift)

$\dfrac{\Gamma \vdash M : A \quad \Gamma \vdash S \triangleright \Delta}{\Gamma \vdash M \cdot S \triangleright A.\Delta}$ (Cons)

Fig. 1.2. The simply-typed $\lambda\sigma$-calculus [1]


context by a unique type [8]:

$\Gamma_X \vdash X : A_X$ (Meta$_X$).

The simply-typed $\lambda\sigma$-calculus with meta-variables of terms is confluent [38] and weakly normalizing [17, 33].


1.3. Dependent types and explicit substitutions. A dependent-type system for $\lambda\Pi_{\mathcal{L}}$ is not a simple extension of the simply-typed $\lambda\sigma$-calculus. First of all, it is not clear how to type expressions containing meta-variables. Notice that in a dependent-type theory with de Bruijn indices, the order in which variables are declared in a context is important. In fact, in the context $A.\Gamma$, the indices in $A$ are relative to $\Gamma$. But how does this dependence work for meta-variables?

Even without considering meta-variables, setting $\lambda\sigma$ in a dependent-type theory presents difficulties. Take, for example, the typing rule for simultaneous substitutions, the (Cons)-rule:

$\dfrac{\Gamma \vdash M : A \quad \Gamma \vdash S \triangleright \Delta}{\Gamma \vdash M \cdot S \triangleright A.\Delta}$ (Cons).
A dependent-typed version of this rule has the form

$\dfrac{\Gamma \vdash M : A[S] \quad \Gamma \vdash S \triangleright \Delta \quad \Delta \vdash A : \mathit{Type}}{\Gamma \vdash M \cdot S \triangleright A.\Delta}$ (Cons$_\Pi$).

First notice that the type given to $M$ in the premises of the rule is $A[S]$ (up to conversion). The application of the substitution $S$ to the type $A$ is necessary to take into account possible dependencies of variables in $A$ with terms in $S$. Hence, a type inference algorithm should use a higher-order unification procedure to infer the type of $M \cdot S$, which depends on $A$.

Another drawback of (Cons$_\Pi$) is that it is not sound with respect to the usual typing properties. In particular, a substitution can be typed with two contexts that are not convertible, i.e., types are not unique modulo conversion. For example, consider the context²

$\Gamma = 0{:}\mathit{nat}.\ l{:}(\Pi n{:}\mathit{nat}.(T\ n)).\ T{:}\mathit{nat} \rightarrow \mathit{Type}.\ \mathit{nat}{:}\mathit{Type}$

and the valid typing judgments

(1.1) $\Gamma \vdash [x := 0 \cdot \mathit{id}] \triangleright x{:}\mathit{nat}.\ \Gamma$

(1.2) $\Gamma \vdash (l\ 0) : (T\ x)[x := 0 \cdot \mathit{id}].$

Since $(T\ x)[x := 0 \cdot \mathit{id}]$ and $(T\ 0)[x := 0 \cdot \mathit{id}]$ are convertible via $\lambda\sigma$, and $(T\ 0)[x := 0 \cdot \mathit{id}]$ is a valid type, we also have:

(1.3) $\Gamma \vdash (l\ 0) : (T\ 0)[x := 0 \cdot \mathit{id}].$

Using (Cons$_\Pi$) with (Eq. 1.1) and (Eq. 1.2), we get:

(1.4) $\Gamma \vdash [y := (l\ 0) \cdot x := 0 \cdot \mathit{id}] \triangleright y{:}(T\ 0).\ x{:}\mathit{nat}.\ \Gamma$

and with (Eq. 1.1) and (Eq. 1.3):

(1.5) $\Gamma \vdash [y := (l\ 0) \cdot x := 0 \cdot \mathit{id}] \triangleright y{:}(T\ x).\ x{:}\mathit{nat}.\ \Gamma.$

However, $(T\ 0)$ and $(T\ x)$ are not convertible, and then the substitution $[y := (l\ 0) \cdot x := 0 \cdot \mathit{id}]$ has two types, $y{:}(T\ 0).\ x{:}\mathit{nat}.\ \Gamma$ and $y{:}(T\ x).\ x{:}\mathit{nat}.\ \Gamma$, which are not convertible.

To solve these problems, we use type annotations in substitutions, in a similar way as the Church style $\lambda$-calculus (as opposed to the Curry style) annotates binder variables in abstractions. The final version of (Cons$_\Pi$) has the form:

$\dfrac{\Gamma \vdash M : A[S] \quad \Gamma \vdash S \triangleright \Delta \quad \Delta \vdash A : \mathit{Type}}{\Gamma \vdash M \cdot_A S \triangleright A.\Delta}$ (Cons$_\Pi$).

Annotations in substitutions act as reminders of types, and they must be introduced and maintained by the calculus of substitutions. In our previous example, the substitutions in Eq. 1.4 and Eq. 1.5 should be annotated with different types.

² For readability, we use named variables when discussing examples. Nevertheless, as we have said, $\lambda\sigma$ uses a de Bruijn nameless notation of variables.



A different solution, proposed by Bloo in [2], is to introduce substitutions in contexts and to deal with these extended contexts via additional typing rules. This approach is similar to type systems with definitions [41, 3], where closures are typeable, but substitutions are not considered as typeable objects. We discuss this approach in the last section.

When we consider annotated substitutions, the system may lose the subject reduction property due to the non-left-linear rule (SCons): $1[S] \cdot_A (\uparrow \circ S) \rightarrow S$. For instance, take the context

$\Gamma = m{:}(T\ 0) \rightarrow \mathit{nat}.\ 0{:}\mathit{nat}.\ l{:}(\Pi n{:}\mathit{nat}.(T\ n)).\ T{:}\mathit{nat} \rightarrow \mathit{Type}.\ \mathit{nat}{:}\mathit{Type}$

and the substitution

$S = [y := (l\ 0) \cdot_{(T\ 0)} x := 0 \cdot_{\mathit{nat}} \mathit{id}].$

We verify that the following typing judgments are valid:

$\Gamma \vdash S \triangleright y{:}(T\ 0).\ x{:}\mathit{nat}.\ \Gamma$

$\Gamma \vdash 1[S] \cdot_{(T\ x)} (\uparrow \circ S) \triangleright y{:}(T\ x).\ x{:}\mathit{nat}.\ \Gamma.$

But also, $1[S] \cdot_{(T\ x)} (\uparrow \circ S) \rightarrow_{(SCons)} S$. However, since $(T\ 0)$ and $(T\ x)$ are not convertible, $\Gamma \nvdash S \triangleright y{:}(T\ x).\ x{:}\mathit{nat}.\ \Gamma$. Therefore, the type of $1[S] \cdot_{(T\ x)} (\uparrow \circ S)$ is not preserved by rule (SCons).

The problem here is not the type system but the substitution calculus. Non-left-linear rules like (SCons) are not only harmful for typing, but are also usually responsible for non-confluence problems [26, 7].

Nadathur [35] has remarked that in $\lambda\sigma$ with meta-variables of terms, but without meta-variables of substitutions, rule (SCons) is admissible when the following scheme of rule is added to the system: $1[\uparrow^n] \cdot \uparrow^{n+1} \rightarrow \uparrow^n$. Since $\uparrow^n$ is a shorthand, an infinite set of rules is represented by this scheme. Following Nadathur's idea, we present in [33] a variant of $\lambda\sigma$, namely $\lambda_{\mathcal{L}}$, which has the same general features as $\lambda\sigma$, i.e., a simple, finite, and first-order presentation, but without rule (SCons) of $\lambda\sigma$.

In this paper, we propose the $\lambda\Pi_{\mathcal{L}}$-calculus, which is based on $\lambda_{\mathcal{L}}$, and show that $\lambda\Pi_{\mathcal{L}}$ is a suitable calculus for our purpose: explicit substitutions, dependent types and support for meta-variables.

2. $\lambda\Pi_{\mathcal{L}}$-Calculus. As usual in explicit substitution calculi, expressions of $\lambda\Pi_{\mathcal{L}}$ are structured in terms and substitutions. Since we use the left-linear variant of $\lambda\sigma$, the $\lambda_{\mathcal{L}}$-calculus, we add the sort of natural numbers. The $\lambda\Pi_{\mathcal{L}}$-calculus admits meta-variables only on the sort of terms.

The set of well-formed expressions in $\lambda\Pi_{\mathcal{L}}$ is defined by the following grammar:

Natural numbers $n ::= 0 \mid n + 1$

Meta-variables $X ::= X \mid Y \mid \ldots$

Terms $M, N ::= \mathit{Kind} \mid \mathit{Type} \mid 1 \mid \Pi_A.B \mid \lambda_A.M \mid (M\ N) \mid M[S] \mid X$

Substitutions $S, T ::= \uparrow^n \mid M \cdot_A S \mid S \circ T$

The equivalence relation $=_{\lambda\Pi_{\mathcal{L}}}$ is defined as the symmetric and transitive closure of the relation induced by the rewrite system in Fig. 2.1.

The system $\Pi_{\mathcal{L}}$ is obtained by dropping rule (Beta) from $\lambda\Pi_{\mathcal{L}}$. As shown by Zantema [47], the $\Pi_{\mathcal{L}}$-calculus is strongly normalizing.
$(\lambda_A.M\ N) \rightarrow M[N \cdot_A \uparrow^0]$ (Beta)
$(\lambda_A.M)[S] \rightarrow \lambda_{A[S]}.M[1 \cdot_A (S \circ \uparrow^1)]$ (Lambda)
$(\Pi_A.B)[S] \rightarrow \Pi_{A[S]}.B[1 \cdot_A (S \circ \uparrow^1)]$ (Pi)
$(M\ N)[S] \rightarrow (M[S]\ N[S])$ (Application)
$M[S][T] \rightarrow M[S \circ T]$ (Clos)
$1[M \cdot_A S] \rightarrow M$ (VarCons)
$M[\uparrow^0] \rightarrow M$ (Id)
$(M \cdot_A S) \circ T \rightarrow M[T] \cdot_A (S \circ T)$ (Map)
$\uparrow^0 \circ S \rightarrow S$ (IdS)
$\uparrow^{n+1} \circ (M \cdot_A S) \rightarrow \uparrow^n \circ S$ (ShiftCons)
$\uparrow^{n+1} \circ \uparrow^m \rightarrow \uparrow^n \circ \uparrow^{m+1}$ (ShiftShift)
$1 \cdot_A \uparrow^1 \rightarrow \uparrow^0$ (Shift0)
$1[\uparrow^n] \cdot_A \uparrow^{n+1} \rightarrow \uparrow^n$ (ShiftS)
$\mathit{Type}[S] \rightarrow \mathit{Type}$ (Type)

Fig. 2.1. The $\lambda\Pi_{\mathcal{L}}$-rewrite system


Lemma 2.1. The $\Pi_{\mathcal{L}}$-calculus is terminating.

Proof. See [34]. The proof uses the semantic labeling technique [46]. □

The $\lambda\Pi_{\mathcal{L}}$-calculus, just as $\lambda\sigma$, uses the composition operation to achieve confluence on terms with meta-variables. Rules (Idr) and (Ass) of $\lambda\sigma$ are not necessary in $\lambda\Pi_{\mathcal{L}}$.

We adopt the notation $i$ as a shorthand for $1[\uparrow^n]$ for $i = n + 1$. In contrast to $\lambda\sigma$, $\uparrow^n$ is not a shorthand but an explicit substitution in $\lambda\Pi_{\mathcal{L}}$. Indeed, $\uparrow^0$ replaces $\mathit{id}$ and $\uparrow^1$ replaces $\uparrow$. In general, $\uparrow^n$ denotes the mapping of each index $i$ to the term $i + n$. Using $\uparrow^n$, the scheme of rule proposed by Nadathur can be encoded in a first-order rewrite system. Notice that we do not assume any meta-theoretical property on natural numbers. They are constructed with $0$ and $n + 1$. Arithmetic calculations on indices are embedded in the rewrite system.

2.1. Meta-variables in $\lambda\Pi_{\mathcal{L}}$. As we have said, meta-variables are first-class objects in $\lambda\Pi_{\mathcal{L}}$. Just as variables, they have to be declared in order to keep track of possible dependencies between terms and types.

A meta-variable declaration has the form $(X{:}_\Gamma A)$, where $\Gamma$ and $A$ are, respectively, a context and a type assigned to the meta-variable $X$. The pair $(\Gamma, A)$ is unique (modulo $=_{\lambda\Pi_{\mathcal{L}}}$) for each meta-variable. This requirement is enforced by the type system.

A list of meta-variable declarations is called a signature. We use the Greek letter $\Sigma$ to range over signatures. The empty signature is written $\varepsilon$. A signature with head $(X{:}_\Gamma A)$ and rest $\Sigma$ is written $(X{:}_\Gamma A).\Sigma$. We overload the notation $\Sigma_1.\Sigma_2$ to write the concatenation of the signatures $\Sigma_1$ and $\Sigma_2$.

The order of the meta-variable declarations is important. In a signature $(X_0{:}_{\Gamma_0} A_0). \ldots .(X_n{:}_{\Gamma_n} A_n)$, the type $A_i$ and the context $\Gamma_i$, $0 \le i \le n$, may depend only on the meta-variables $X_j$, $i < j \le n$. The indices in $A_i$ are relative to the context $\Gamma_i$.

The main operation on meta-variables is instantiation. The instantiation of a meta-variable $X$ with a term $M$ in an expression $y$ (where $y$ is a term or a substitution), denoted by $y\{X \mapsto M\}$, replaces all the occurrences of $X$ in $y$ by $M$. Application of an instantiation to a context $\Gamma$ (signature $\Sigma$) is denoted by $\Gamma\{X \mapsto M\}$ ($\Sigma\{X \mapsto M\}$). It is defined in the obvious way.


In contrast to substitutions of variables, instantiations of meta-variables allow capturing of variables. Instantiations are not first-class objects, i.e., the application of an instantiation is atomic and external to the $\lambda\Pi_{\mathcal{L}}$-calculus.

2.2. The $\lambda\Pi_{\mathcal{L}}$-type system. In $\lambda\Pi_{\mathcal{L}}$, we consider typing assertions having one of the following forms:

$\vdash \Sigma; \Gamma$

to capture that the context $\Gamma$ is valid in the signature $\Sigma$,

$\Sigma; \Gamma \vdash M : A$

to capture that the term $M$ has type $A$ (the type $M$ has the kind $A$) in $\Sigma; \Gamma$, and

$\Sigma; \Gamma \vdash S \triangleright \Delta$

to capture that the substitution $S$ has the context type $\Delta$ in $\Sigma; \Gamma$.

The scoping rules for variables and meta-variables in the above type assertions are as follows. Contexts $\Gamma, \Delta$ and expressions $M, A, S$ may depend on any meta-variable declared in the respective signature $\Sigma$. Indices in $M$, $A$, and $S$ are relative to their respective context $\Gamma$.

Typing rules for signatures, contexts, terms, and substitutions are all mutually dependent. They are given in Fig. 2.2.

In the following, we use $\vdash \Sigma$, $\vdash \Gamma$, $\Gamma \vdash M : A$, and $\Gamma \vdash S \triangleright \Delta$ as shorthands for $\vdash \Sigma; \varepsilon$, $\vdash \varepsilon; \Gamma$, $\varepsilon; \Gamma \vdash M : A$, and $\varepsilon; \Gamma \vdash S \triangleright \Delta$, respectively.

Since there are no typing rules for $\mathit{Kind}$, the term $\mathit{Kind}$ does not occur as a sub-term of a well-typed expression.

The $\lambda\Pi_{\mathcal{L}}$-system types at least as many terms as $\lambda\Pi$. In other words, $\lambda\Pi_{\mathcal{L}}$ is a conservative extension of $\lambda\Pi$.

Lemma 2.2 (Conservative extension). Let $M, A$ be ground terms in $\lambda\Pi_{\mathcal{L}}$, and $\Gamma$ a ground context, such that $M, A, \Gamma$ do not contain explicit substitutions; then $\Gamma \vdash M : A$ in $\lambda\Pi_{\mathcal{L}}$ if and only if $\Gamma \vdash M : A$ in $\lambda\Pi$ (modulo de Bruijn indices translation).

Proof. By induction on the typing derivation. □

The following lemma states the conditions that guarantee the soundness of instantiation of meta-variables in $\lambda\Pi_{\mathcal{L}}$.

Lemma 2.3 (Instantiation soundness). Let $M$ be a term such that $\Sigma_1; \Gamma \vdash M : A$, and $\Sigma$ a signature having the form $\Sigma_2.(X{:}_\Gamma A).\Sigma_1$,

1. if $\vdash \Sigma; \Delta$, then $\vdash \Sigma\{X \mapsto M\}; \Delta\{X \mapsto M\}$,

2. if $\Sigma; \Delta \vdash N : B$, then $\Sigma\{X \mapsto M\}; \Delta\{X \mapsto M\} \vdash N\{X \mapsto M\} : B\{X \mapsto M\}$, and

3. if $\Sigma; \Delta_1 \vdash S \triangleright \Delta_2$, then $\Sigma\{X \mapsto M\}; \Delta_1\{X \mapsto M\} \vdash S\{X \mapsto M\} \triangleright \Delta_2\{X \mapsto M\}$.

Proof. By induction on the typing derivation. □

2.3. Type annotations. Type annotations in substitutions are introduced with rules (Beta), (Lambda), and (Pi), and then propagated with rule (Map). They can also be eliminated with rules (VarCons), (ShiftCons), and (Shift0). Notice that the type annotation propagated by rule (Map): $(M \cdot_A S) \circ T \rightarrow M[T] \cdot_A (S \circ T)$ is $A$, not $A[T]$.

Consider the following example.
$\vdash \varepsilon; \varepsilon$ (Empty)

$\dfrac{\Sigma; \Gamma \vdash A : s \quad s \in \{\mathit{Kind}, \mathit{Type}\} \quad X \text{ is a fresh meta-variable}}{\vdash (X{:}_\Gamma A).\Sigma; \varepsilon}$ (Metavar-Decl)

$\dfrac{\Sigma; \Gamma \vdash A : s \quad s \in \{\mathit{Kind}, \mathit{Type}\}}{\vdash \Sigma; A.\Gamma}$ (Var-Decl)

$\dfrac{\vdash \Sigma; \Gamma}{\Sigma; \Gamma \vdash \mathit{Type} : \mathit{Kind}}$ (Type)

$\dfrac{\vdash \Sigma; A.\Gamma}{\Sigma; A.\Gamma \vdash 1 : A[\uparrow^1]}$ (Var)

$\dfrac{\Sigma; \Gamma \vdash A : \mathit{Type} \quad \Sigma; A.\Gamma \vdash B : s \quad s \in \{\mathit{Kind}, \mathit{Type}\}}{\Sigma; \Gamma \vdash \Pi_A.B : s}$ (Prod)

$\dfrac{\Sigma; \Gamma \vdash A : \mathit{Type} \quad \Sigma; A.\Gamma \vdash M : B \quad \Sigma; \Gamma \vdash \Pi_A.B : s \quad s \in \{\mathit{Kind}, \mathit{Type}\}}{\Sigma; \Gamma \vdash \lambda_A.M : \Pi_A.B}$ (Abs)

$\dfrac{\Sigma; \Gamma \vdash M : \Pi_A.B \quad \Sigma; \Gamma \vdash N : A}{\Sigma; \Gamma \vdash (M\ N) : B[N \cdot_A \uparrow^0]}$ (Appl)

$\dfrac{\Sigma; \Gamma \vdash S \triangleright \Delta \quad \Sigma; \Delta \vdash M : A \quad \Sigma; \Delta \vdash A : s \quad s \in \{\mathit{Kind}, \mathit{Type}\}}{\Sigma; \Gamma \vdash M[S] : A[S]}$ (Clos)

$\dfrac{\Sigma; \Gamma \vdash S \triangleright \Delta \quad \Sigma; \Delta \vdash A : \mathit{Kind}}{\Sigma; \Gamma \vdash A[S] : \mathit{Kind}}$ (Clos-Kind)

$\dfrac{\vdash \Sigma; \Gamma \quad (X{:}_\Delta A) \in \Sigma \quad \Delta =_{\lambda\Pi_{\mathcal{L}}} \Gamma}{\Sigma; \Gamma \vdash X : A}$ (Metavar)

$\dfrac{\Sigma; \Gamma \vdash M : A \quad \Sigma; \Gamma \vdash B : s \quad s \in \{\mathit{Kind}, \mathit{Type}\} \quad A =_{\lambda\Pi_{\mathcal{L}}} B}{\Sigma; \Gamma \vdash M : B}$ (Conv)

$\dfrac{\Sigma; \Gamma \vdash S \triangleright \Delta_1 \quad \vdash \Sigma; \Delta_2 \quad \Delta_1 =_{\lambda\Pi_{\mathcal{L}}} \Delta_2}{\Sigma; \Gamma \vdash S \triangleright \Delta_2}$ (Conv-Subs)

$\dfrac{\vdash \Sigma; \Gamma}{\Sigma; \Gamma \vdash \uparrow^0 \triangleright \Gamma}$ (Id)

$\dfrac{\vdash \Sigma; A.\Gamma \quad \Sigma; \Gamma \vdash \uparrow^n \triangleright \Delta}{\Sigma; A.\Gamma \vdash \uparrow^{n+1} \triangleright \Delta}$ (Shift)

$\dfrac{\Sigma; \Gamma \vdash S \triangleright \Delta_1 \quad \Sigma; \Delta_1 \vdash T \triangleright \Delta_2}{\Sigma; \Gamma \vdash T \circ S \triangleright \Delta_2}$ (Comp)

$\dfrac{\Sigma; \Gamma \vdash M : A[S] \quad \Sigma; \Gamma \vdash S \triangleright \Delta \quad \Sigma; \Delta \vdash A : \mathit{Type}}{\Sigma; \Gamma \vdash M \cdot_A S \triangleright A.\Delta}$ (Cons)

Fig. 2.2. The $\lambda\Pi_{\mathcal{L}}$-type system
Let $\Gamma = z{:}\mathit{nat}.\ T{:}\mathit{nat} \rightarrow \mathit{Type}.\ \mathit{nat}{:}\mathit{Type}$. We verify that

(2.1) $\Gamma \vdash (\lambda x{:}\mathit{nat}.\lambda f{:}((T\ x) \rightarrow \mathit{nat}).\lambda y{:}(T\ x).(f\ y)\ z) : ((T\ z) \rightarrow \mathit{nat}) \rightarrow ((T\ z) \rightarrow \mathit{nat}).$

Reducing the (Beta)-redex and distributing the substitution inside the abstraction, we get

$(\lambda x{:}\mathit{nat}.\lambda f{:}((T\ x) \rightarrow \mathit{nat}).\lambda y{:}(T\ x).(f\ y)\ z) \rightarrow_{(Beta)}$

$(\lambda f{:}((T\ x) \rightarrow \mathit{nat}).\lambda y{:}(T\ x).(f\ y))[x := z \cdot_{\mathit{nat}} \uparrow^0] \rightarrow_{(Lambda)}$

$\lambda f{:}((T\ z) \rightarrow \mathit{nat}).((\lambda y{:}(T\ x).(f\ y))[f := f \cdot_{(T\ x) \rightarrow \mathit{nat}} x := z \cdot_{\mathit{nat}} \uparrow^1]).$

We will check that the type in Eq. 2.1 is preserved by the reduction.

Thanks to the rewrite rule (Lambda), the type annotation for $f$ in the substitution $[f := f \cdot_{(T\ x) \rightarrow \mathit{nat}} x := z \cdot_{\mathit{nat}} \uparrow^1]$ is $(T\ x) \rightarrow \mathit{nat}$, that is, the type of the variable $f$ before the distribution of the substitution $[x := z \cdot_{\mathit{nat}} \uparrow^0]$ in the abstraction $\lambda f{:}((T\ x) \rightarrow \mathit{nat}).\lambda y{:}(T\ x).(f\ y)$.

The typing rules for substitutions install the right context of variables. For example, the expression $\lambda y{:}(T\ x).(f\ y)$ will be typed in a context where the variable declaration $f : (T\ z) \rightarrow \mathit{nat}$ has been replaced by $f : (T\ x) \rightarrow \mathit{nat}$. In fact, we verify

(2.2) $f{:}(T\ z) \rightarrow \mathit{nat}.\ \Gamma \vdash [f := f \cdot_{(T\ x) \rightarrow \mathit{nat}} x := z \cdot_{\mathit{nat}} \uparrow^1] \triangleright f{:}(T\ x) \rightarrow \mathit{nat}.\ x{:}\mathit{nat}.\ \Gamma$

(2.3) $f{:}(T\ x) \rightarrow \mathit{nat}.\ x{:}\mathit{nat}.\ \Gamma \vdash \lambda y{:}(T\ x).(f\ y) : (T\ x) \rightarrow \mathit{nat}$

hence, by rule (Clos) applied to Eq. 2.2 and Eq. 2.3:

(2.4) $f{:}(T\ z) \rightarrow \mathit{nat}.\ \Gamma \vdash (\lambda y{:}(T\ x).(f\ y))[f := f \cdot_{(T\ x) \rightarrow \mathit{nat}} x := z \cdot_{\mathit{nat}} \uparrow^1] : (T\ z) \rightarrow \mathit{nat}$

and by rule (Abs) applied to Eq. 2.4:

$\Gamma \vdash \lambda f{:}((T\ z) \rightarrow \mathit{nat}).(\lambda y{:}(T\ x).(f\ y))[f := f \cdot_{(T\ x) \rightarrow \mathit{nat}} x := z \cdot_{\mathit{nat}} \uparrow^1] : ((T\ z) \rightarrow \mathit{nat}) \rightarrow ((T\ z) \rightarrow \mathit{nat}).$


The above example is due to Geuvers and Bloo [13], and it happens to be a counter-example for subject reduction in calculi of explicit substitutions with dependent types where substitutions do not keep track of typing information. The use of annotated substitutions in $\lambda\Pi_{\mathcal{L}}$ keeps the right type when a substitution is propagated under an abstraction or a product. In fact, as we will show below, subject reduction holds in $\lambda\Pi_{\mathcal{L}}$.

However, annotated substitutions raise a technical problem: the $\lambda\Pi_{\mathcal{L}}$-rewrite system is not confluent. The problem exists even if we only consider local confluence on ground terms. In fact, the following critical pair is not joinable in the general case, e.g., assume $A$ and $B$ to be different ground $\lambda\Pi_{\mathcal{L}}$-normal forms:

$(1 \cdot_A \uparrow^1) \circ (M \cdot_B S)$

reduces by (Shift0), (IdS) to $M \cdot_B S$, and by (Map), (VarCons), (ShiftCons), (IdS) to $M \cdot_A S$.
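The critical pair above can be replayed mechanically. The following is an added example, not code from the paper: a small Python normalizer for the $\lambda\Pi_{\mathcal{L}}$ rules of Fig. 2.1 (switching annotations off gives the $\lambda\Pi^\circ$ rules of Fig. 3.1) together with the erasing and annotation mappings of Definitions 3.1 and 3.4 from the next section; it also checks the (ShiftS)-(Map) critical pair of Lemma 3.10 on a ground instance. The tuple encoding of expressions, the order in which `root_step` tries the rules, and the innermost/outermost strategies are this example's own choices.

```python
# Added example, not code from the paper: the lambda-Pi_L rewrite rules of
# Fig. 2.1 on first-order tuple terms (annotated=False gives the lambda-Pi^o
# rules of Fig. 3.1), plus the mappings |.| and (.)^A of Definitions 3.1 and 3.4.
# The tuple encoding, rule order and reduction strategies are this example's own.
ONE, TYPE, KIND = ('one',), ('type',), ('kind',)   # the index 1 and the two sorts

def mv(name):       return ('mv', name)       # meta-variable X
def shift(n):       return ('shift', n)       # the substitution ^n
def cons(M, A, S):  return ('cons', M, A, S)  # M ._A S  (A is None when unannotated)
def comp(S, T):     return ('comp', S, T)     # S o T
def clos(M, S):     return ('clos', M, S)     # M[S]

def root_step(t, annotated=True):
    """One rewrite step at the root of t, or None if no rule applies there."""
    ann = (lambda A: A if annotated else None)   # (Beta), (Lambda), (Pi) introduce A
    k = t[0]
    if k == 'app' and t[1][0] == 'lam':                           # (Beta)
        return clos(t[1][2], cons(t[2], ann(t[1][1]), shift(0)))
    if k == 'clos':
        M, S = t[1], t[2]
        if M[0] in ('lam', 'pi'):                                 # (Lambda), (Pi)
            return (M[0], clos(M[1], S), clos(M[2], cons(ONE, ann(M[1]), comp(S, shift(1)))))
        if M[0] == 'app':                                         # (Application)
            return ('app', clos(M[1], S), clos(M[2], S))
        if M[0] == 'clos':                                        # (Clos)
            return clos(M[1], comp(M[2], S))
        if M == ONE and S[0] == 'cons':                           # (VarCons)
            return S[1]
        if S == shift(0):                                         # (Id)
            return M
        if M == TYPE:                                             # (Type)
            return TYPE
    if k == 'comp':
        S, T = t[1], t[2]
        if S[0] == 'cons':                                        # (Map): keeps A, not A[T]
            return cons(clos(S[1], T), S[2], comp(S[3], T))
        if S == shift(0):                                         # (IdS)
            return T
        if S[0] == 'shift':                                       # S = ^(n+1) from here on
            if T[0] == 'cons':                                    # (ShiftCons)
                return comp(shift(S[1] - 1), T[3])
            if T[0] == 'shift':                                   # (ShiftShift)
                return comp(shift(S[1] - 1), shift(T[1] + 1))
    if k == 'cons':
        M, S = t[1], t[3]
        if M == ONE and S == shift(1):                            # (Shift0)
            return shift(0)
        if (M[0] == 'clos' and M[1] == ONE and M[2][0] == 'shift'
                and S == shift(M[2][1] + 1)):                     # (ShiftS)
            return M[2]
    return None

def step(t, innermost=True, annotated=True):
    """One step anywhere in t (subterms or root first, by strategy); None if normal."""
    def in_children():
        for i in range(1, len(t)):
            if isinstance(t[i], tuple):
                r = step(t[i], innermost, annotated)
                if r is not None:
                    return t[:i] + (r,) + t[i + 1:]
        return None
    if innermost:
        return in_children() or root_step(t, annotated)
    return root_step(t, annotated) or in_children()

def normalize(t, innermost=True, annotated=True):
    """Normal form under the chosen strategy (Pi_L is terminating, Lemma 2.1)."""
    while (r := step(t, innermost, annotated)) is not None:
        t = r
    return t

def annotate(t, A):
    """(.)^A of Definition 3.4: put the fixed term A on every cons of t."""
    if not isinstance(t, tuple):
        return t
    if t[0] == 'cons':
        return cons(annotate(t[1], A), A, annotate(t[3], A))
    return (t[0],) + tuple(annotate(c, A) for c in t[1:])

def erase(t):
    """|.| of Definition 3.1: the same traversal with the annotation forgotten."""
    return annotate(t, None)

def confluence_counterexample():
    """(1 ._A ^1) o (M ._B ^0) from Section 2.3: innermost fires (Shift0), (IdS);
    outermost fires (Map), (VarCons), (ShiftCons), (IdS). The normal forms differ."""
    A, B, M = mv('A'), mv('B'), mv('M')
    t = comp(cons(ONE, A, shift(1)), cons(M, B, shift(0)))
    return normalize(t, innermost=True), normalize(t, innermost=False)

def shifts_map_pair():
    """(ShiftS)-(Map) pair of Lemma 3.10 in Pi^o, ground instance S = N . (P . ^0), n = 1."""
    S = cons(mv('N'), None, cons(mv('P'), None, shift(0)))
    left = comp(shift(1), S)                                             # ^1 o S
    right = cons(clos(ONE, comp(shift(1), S)), None, comp(shift(2), S))  # 1[^1 o S] . (^2 o S)
    return normalize(left, annotated=False), normalize(right, annotated=False)
```

Both results of `confluence_counterexample()` erase to the same $\lambda\Pi^\circ$ term, which is the content of Lemma 3.3, while `shifts_map_pair()` returns two identical normal forms.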


This problem is similar to the one pointed out by Nederpelt for the $\lambda$-calculus extended with the $\eta$-rule [36]. In that case, the confluence property holds on terms without type annotations in abstractions ($\lambda$-calculus in the Curry style), but does not on terms with annotated abstractions ($\lambda$-calculus in the Church style). In [11], Geuvers proposes a method to prove confluence for $\beta\eta$-reduction on well-typed $\lambda$-terms written in the Church style. In the next section we adapt this technique in order to prove the confluence property on well-typed $\lambda\Pi_{\mathcal{L}}$ expressions.
$(\lambda_A.M\ N) \rightarrow M[N \cdot \uparrow^0]$ (Beta)
$(\lambda_A.M)[S] \rightarrow \lambda_{A[S]}.M[1 \cdot (S \circ \uparrow^1)]$ (Lambda)
$(\Pi_A.B)[S] \rightarrow \Pi_{A[S]}.B[1 \cdot (S \circ \uparrow^1)]$ (Pi)
$1[M \cdot S] \rightarrow M$ (VarCons)
$(M \cdot S) \circ T \rightarrow M[T] \cdot (S \circ T)$ (Map)
$\uparrow^{n+1} \circ (M \cdot S) \rightarrow \uparrow^n \circ S$ (ShiftCons)
$1 \cdot \uparrow^1 \rightarrow \uparrow^0$ (Shift0)
$1[\uparrow^n] \cdot \uparrow^{n+1} \rightarrow \uparrow^n$ (ShiftS)

Fig. 3.1. Modified rules in the $\lambda\Pi^\circ$-rewrite system


3. Geuvers' Lemma. Geuvers' lemma is a weak form of the Church-Rosser property which suffices to prove the main typing properties in systems where confluence on terms with type annotations (i.e., in the Church style) is not available. Geuvers' technique uses a positive reformulation of the counter-example of non-confluence, and the fact that the underlying calculus without typing annotations (i.e., in the Curry style) is confluent.

The underlying Curry style of $\lambda\Pi_{\mathcal{L}}$ is called $\lambda\Pi^\circ$. In this calculus, substitutions do not have type annotations (but abstractions do keep their type annotations). The set of well-formed terms in $\lambda\Pi^\circ$ is the same as in $\lambda\Pi_{\mathcal{L}}$, but substitutions have the following grammar:

Substitutions $S, T ::= \uparrow^n \mid M \cdot S \mid S \circ T.$

As in the case of $\lambda\Pi_{\mathcal{L}}$, only meta-variables of terms are enabled in $\lambda\Pi^\circ$. The $\lambda\Pi^\circ$-calculus is obtained by modifying the reduction system $\lambda\Pi_{\mathcal{L}}$ as shown in Fig. 3.1. As expected, we define the $\Pi^\circ$-calculus as $\lambda\Pi^\circ$ without rule (Beta).

The positive reformulation of the confluence counter-example in $\lambda\Pi_{\mathcal{L}}$ states that if two terms are equal without type annotations, then they are convertible via $=_{\lambda\Pi_{\mathcal{L}}}$.

Definition 3.1. The erasing mapping $|.| : \lambda\Pi_{\mathcal{L}} \rightarrow \lambda\Pi^\circ$ is defined as follows:

$|x| = x$ if $x \in \{1, \mathit{Type}, \mathit{Kind}\}$ or $x$ is a meta-variable

$|\Pi_A.B| = \Pi_{|A|}.|B|$

$|\lambda_A.M| = \lambda_{|A|}.|M|$

$|(M\ N)| = (|M|\ |N|)$

$|M[S]| = |M|[|S|]$

$|\uparrow^n| = \uparrow^n$

$|S \circ T| = |S| \circ |T|$

$|M \cdot_A S| = |M| \cdot |S|$

The following are useful properties of the erasing mapping.

Lemma 3.2 (Erasing properties). Let $x$ and $y$ be expressions in $\lambda\Pi_{\mathcal{L}}$, $w$ be an expression in $\lambda\Pi^\circ$, $R$ one of the rewrite systems $\lambda\Pi_{\mathcal{L}}$ or $\Pi_{\mathcal{L}}$, and $R^\circ$ the corresponding rewrite system without type annotations, i.e., $\lambda\Pi^\circ$ or $\Pi^\circ$; then

1. if $x \rightarrow_R y$, then $|x| \rightarrow_{R^\circ} |y|$ or $|x| = |y|$,
2. if $|x| \rightarrow_{R^\circ} w$, then there exists $w'$ in $\lambda\Pi_{\mathcal{L}}$ such that $x \rightarrow_R w'$ and $|w'| = w$, and

3. if $x$ is an $R$-normal form, then $|x|$ is an $R^\circ$-normal form.

Proof. Properties (1) and (2) are proved by structural induction on $x$. Property (3) is a consequence of (2). □

Lemma 3.3 (Positive counter-example). Let $x$ and $y$ be expressions in $\lambda\Pi_{\mathcal{L}}$; if $|x| = |y|$, then $x =_{\Pi_{\mathcal{L}}} y$, and therefore $x =_{\lambda\Pi_{\mathcal{L}}} y$.

Proof. Since $|x| = |y|$, $x$ and $y$ have the same principal constructor. We proceed by structural induction on $x$. If $x = \lambda_A.M$, $y = \lambda_B.N$, and $|x| = |y|$, then by definition $\lambda_{|A|}.|M| = \lambda_{|B|}.|N|$, and thus $|A| = |B|$ and $|M| = |N|$. By induction hypothesis, $A =_{\Pi_{\mathcal{L}}} B$ and $M =_{\Pi_{\mathcal{L}}} N$, and thus $\lambda_A.M =_{\Pi_{\mathcal{L}}} \lambda_B.N$. In fact, the only interesting case is $x = M \cdot_A S$ and $y = N \cdot_B T$. We get by induction hypothesis:

(3.1) $M =_{\Pi_{\mathcal{L}}} N$

(3.2) $S =_{\Pi_{\mathcal{L}}} T$

Since the function $|.|$ erases type annotations from substitutions, we do not have by induction hypothesis $A =_{\Pi_{\mathcal{L}}} B$. However, by using the counter-example, we have

$M \cdot_A S \longleftarrow (1 \cdot_A \uparrow^1) \circ (M \cdot_B S) \longrightarrow M \cdot_B S.$

We conclude with Eq. 3.1 and Eq. 3.2 that $x = M \cdot_A S =_{\Pi_{\mathcal{L}}} M \cdot_B S =_{\Pi_{\mathcal{L}}} N \cdot_B T = y$. □

A consequence of the reformulation of the counter-example is that, if we erase the type annotations of a term $M$ and then annotate it again with an arbitrary term, we get a term $N$ which is equivalent to $M$ modulo $=_{\lambda\Pi_{\mathcal{L}}}$.

Definition 3.4. Let $A$ be a term in $\lambda\Pi_{\mathcal{L}}$; the annotation mapping $(.)^A : \lambda\Pi^\circ \rightarrow \lambda\Pi_{\mathcal{L}}$ is defined as follows:

$x^A = x$ if $x \in \{1, \mathit{Type}, \mathit{Kind}\}$ or $x$ is a meta-variable

$(\Pi_B.C)^A = \Pi_{B^A}.C^A$

$(\lambda_B.M)^A = \lambda_{B^A}.M^A$

$(M\ N)^A = (M^A\ N^A)$

$(M[S])^A = M^A[S^A]$

$(\uparrow^n)^A = \uparrow^n$

$(S \circ T)^A = S^A \circ T^A$

$(M \cdot S)^A = M^A \cdot_A S^A$

Lemma 3.5 (Erasing inverse). Let $x$ be an expression in $\lambda\Pi_{\mathcal{L}}$ and $A$ be a term in $\lambda\Pi_{\mathcal{L}}$; then $x =_{\lambda\Pi_{\mathcal{L}}} |x|^A$.

Proof. It is not difficult to show that if $w$ is an expression in $\lambda\Pi^\circ$, then $w = |w^A|$. Let $w = |x|$; by Lemma 3.3, $x =_{\lambda\Pi_{\mathcal{L}}} |x|^A$. □

We use the next lemma in the proof of Geuvers' lemma.

Lemma 3.6. Let $x$ and $y$ be expressions in $\lambda\Pi^\circ$ and $A$ be a term in $\lambda\Pi_{\mathcal{L}}$; if $x \rightarrow_{\lambda\Pi^\circ} y$, then $x^A =_{\lambda\Pi_{\mathcal{L}}} y^A$. Therefore, if $x =_{\lambda\Pi^\circ} y$, then $x^A =_{\lambda\Pi_{\mathcal{L}}} y^A$.

Proof. By induction on the depth of the $\lambda\Pi^\circ$-redex reduced in $x$. □

The proof of Geuvers' lemma uses a confluence property on the calculus without type annotations. We leave the proof of that property (confluence of $\lambda\Pi^\circ$) for the last part of this section.
Theorem 3.7 (Confluence of $\lambda\Pi^\circ$). The $\lambda\Pi^\circ$-calculus is confluent.

Theorem 3.8 (Geuvers' lemma). Let $A_1, B_1, A_2, B_2, M, N$ be terms in $\lambda\Pi_{\mathcal{L}}$,

1. if $\Pi_{A_1}.B_1 =_{\lambda\Pi_{\mathcal{L}}} \Pi_{A_2}.B_2$, then $A_1 =_{\lambda\Pi_{\mathcal{L}}} A_2$ and $B_1 =_{\lambda\Pi_{\mathcal{L}}} B_2$, and

2. if $M =_{\lambda\Pi_{\mathcal{L}}} N$ where $N$ is a $\lambda\Pi_{\mathcal{L}}$-normal form, then there exists $M'$ in $\lambda\Pi_{\mathcal{L}}$ such that $M \rightarrow^{*}_{\lambda\Pi_{\mathcal{L}}} M'$ and $|M'| = |N|$.

Proof. We show only the first case. The second case is similar. By Lemma 3.2(1) and the definition of $|.|$, we have $\Pi_{|A_1|}.|B_1| =_{\lambda\Pi^\circ} \Pi_{|A_2|}.|B_2|$. Since $\lambda\Pi^\circ$ is confluent (Theorem 3.7), there exists $M$ in $\lambda\Pi^\circ$ such that $\Pi_{|A_1|}.|B_1| \rightarrow^{*}_{\lambda\Pi^\circ} M$ and $\Pi_{|A_2|}.|B_2| \rightarrow^{*}_{\lambda\Pi^\circ} M$. But there is no $\lambda\Pi^\circ$-redex with a product as the main constructor, so $M$ has the form $\Pi_A.B$ where $|A_1| \rightarrow^{*}_{\lambda\Pi^\circ} A$, $|B_1| \rightarrow^{*}_{\lambda\Pi^\circ} B$, $|A_2| \rightarrow^{*}_{\lambda\Pi^\circ} A$, and $|B_2| \rightarrow^{*}_{\lambda\Pi^\circ} B$.

By Lemma 3.5 and Lemma 3.6, for any $\lambda\Pi_{\mathcal{L}}$-term $A'$: $A_1 =_{\lambda\Pi_{\mathcal{L}}} |A_1|^{A'} =_{\lambda\Pi_{\mathcal{L}}} A^{A'}$, $B_1 =_{\lambda\Pi_{\mathcal{L}}} |B_1|^{A'} =_{\lambda\Pi_{\mathcal{L}}} B^{A'}$, $A_2 =_{\lambda\Pi_{\mathcal{L}}} |A_2|^{A'} =_{\lambda\Pi_{\mathcal{L}}} A^{A'}$, and $B_2 =_{\lambda\Pi_{\mathcal{L}}} |B_2|^{A'} =_{\lambda\Pi_{\mathcal{L}}} B^{A'}$. Therefore, $A_1 =_{\lambda\Pi_{\mathcal{L}}} A_2$ and $B_1 =_{\lambda\Pi_{\mathcal{L}}} B_2$. □

The rest of this section addresses the proof of confluenc e of the AII°-calculus (Theorem 3.7). 

First, we prove that the Il°-calculus AII° without (Beta) is terminating and confluent. 

LEMMA 3.9 (Termination of 11° ). 11° is a terminating rewrite system. 

Proof. Since any reduction in 11° can he properly simulated in He (Lemma 3.2(2)), any infinite reduction 
in n° corresponds to some infinite reduction in n^. But Il£ is terminating (Lemma 2.1), thus n° is 
terminating. □ 

Lemma 3.10 (Confluence of $\Pi^{\circ}$). The $\Pi^{\circ}$-calculus is confluent.

Proof. We mechanically check, e.g., by using the RRL system [23], that the $\Pi^{\circ}$-rewrite system has the following critical pairs:

• (Id)-(Clos)

$M[S] \;\leftarrow_{\Pi^{\circ}}\; M[S][\uparrow^{0}] \;\to_{\Pi^{\circ}}\; M[S \circ \uparrow^{0}]$

• (Clos)-(Clos)

$M[(S_1 \circ S_2) \circ T] \;\leftarrow_{\Pi^{\circ}}\; M[S_1][S_2][T] \;\to_{\Pi^{\circ}}\; M[S_1 \circ (S_2 \circ T)]$

• (Shift0)-(Map)

$S \;\leftarrow_{\Pi^{\circ}}\; (1 \cdot \uparrow^{1}) \circ S \;\to_{\Pi^{\circ}}\; 1[S] \cdot (\uparrow^{1} \circ S)$

• (ShiftS)-(Map)

$\uparrow^{n} \circ S \;\leftarrow_{\Pi^{\circ}}\; (1[\uparrow^{n}] \cdot \uparrow^{n+1}) \circ S \;\to_{\Pi^{\circ}}\; 1[\uparrow^{n} \circ S] \cdot (\uparrow^{n+1} \circ S)$

• (Lambda)-(Clos) and (Pi)-(Clos)

Let $S_1 = 1 \cdot ((S \circ \uparrow^{1}) \circ (1 \cdot (T \circ \uparrow^{1})))$ and $S_2 = 1 \cdot ((S \circ T) \circ \uparrow^{1})$,

$\lambda_{A[S \circ T]}.M[S_1] \;\leftarrow_{\Pi^{\circ}}\; (\lambda_A.M)[S][T] \;\to_{\Pi^{\circ}}\; \lambda_{A[S \circ T]}.M[S_2]$

$\Pi_{A[S \circ T]}.B[S_1] \;\leftarrow_{\Pi^{\circ}}\; (\Pi_A.B)[S][T] \;\to_{\Pi^{\circ}}\; \Pi_{A[S \circ T]}.B[S_2]$

These critical pairs are $\Pi^{\circ}$-joinable (we recall that only meta-variables of terms are admitted). Using an extension to the Critical Pair lemma proposed in [33] (based on similar extensions originally presented in [22, 40]), we conclude that $\Pi^{\circ}$ is locally confluent. Therefore, by Newman's lemma and Lemma 3.9, $\Pi^{\circ}$ is confluent. □
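As an added example (not code from the paper), the following Python normaliser instantiates the critical pairs listed above on concrete substitutions and checks that both reducts of each pair reach the same normal form. The rule set is an assumption: a λσ-style presentation of Π° using the rule names of this section ((Id), (Clos), (Map), (Shift0), (ShiftS), (Lambda), (Pi)) together with (Appl), (VarCons), (Assoc), (IdL), (IdR), (ShiftCons) and ↑ⁿ∘↑ᵐ → ↑ⁿ⁺ᵐ; the concrete $S$, $T$, $U$ are constructed here, since only meta-variables of terms are admitted.

```python
# Added example: explicit-substitution terms in de Bruijn notation as nested
# tuples, and an innermost normaliser for an ASSUMED lambda-sigma-style rule
# set named after the rules of Pi-degree on the page (type annotations on
# cons are dropped, as in Pi-degree).  This is not the paper's own code.
ONE = ('1',)                                   # de Bruijn index 1
def mv(x):      return ('mv', x)               # meta-variable (terms only)
def app(m, n):  return ('app', m, n)           # application (M N)
def lam(a, m):  return ('lam', a, m)           # lambda_A.M
def pi(a, b):   return ('pi', a, b)            # Pi_A.B
def clos(m, s): return ('clos', m, s)          # closure M[S]
def shift(n):   return ('shift', n)            # shift ^n  (^0 is the identity)
def cons(m, s): return ('cons', m, s)          # M . S
def comp(s, t): return ('comp', s, t)          # S o T

def lift(s):
    """1 . (S o ^1): the substitution pushed under a binder by (Lambda)/(Pi)."""
    return cons(ONE, comp(s, shift(1)))

def step(x):
    """One rewrite step at the root, or None if no rule applies there."""
    tag = x[0]
    if tag == 'clos':
        m, s = x[1], x[2]
        if s == shift(0):    return m                                        # (Id)
        if m[0] == 'app':    return app(clos(m[1], s), clos(m[2], s))        # (Appl)
        if m[0] == 'lam':    return lam(clos(m[1], s), clos(m[2], lift(s)))  # (Lambda)
        if m[0] == 'pi':     return pi(clos(m[1], s), clos(m[2], lift(s)))   # (Pi)
        if m[0] == 'clos':   return clos(m[1], comp(m[2], s))                # (Clos)
        if m == ONE and s[0] == 'cons': return s[1]                          # (VarCons)
    elif tag == 'comp':
        s, t = x[1], x[2]
        if s == shift(0):    return t                                        # (IdL)
        if t == shift(0):    return s                                        # (IdR)
        if s[0] == 'comp':   return comp(s[1], comp(s[2], t))                # (Assoc)
        if s[0] == 'cons':   return cons(clos(s[1], t), comp(s[2], t))       # (Map)
        if s[0] == 'shift' and t[0] == 'cons':  return comp(shift(s[1] - 1), t[2])  # (ShiftCons)
        if s[0] == 'shift' and t[0] == 'shift': return shift(s[1] + t[1])    # ^n o ^m -> ^(n+m)
    elif tag == 'cons':
        m, s = x[1], x[2]
        if m == ONE and s == shift(1): return shift(0)                       # (Shift0)
        if (m[0] == 'clos' and m[1] == ONE and m[2][0] == 'shift'
                and s == shift(m[2][1] + 1)):
            return m[2]                                                      # (ShiftS)
    return None

def nf(x, fuel=10000):
    """Innermost normalisation: normalise the arguments, then rewrite at the root."""
    if x[0] in ('1', 'mv', 'shift'):
        return x
    x = (x[0],) + tuple(nf(y, fuel) for y in x[1:])
    while fuel > 0:
        y = step(x)
        if y is None:
            return x
        fuel -= 1
        x = nf(y, fuel)
    raise RuntimeError('normalisation fuel exhausted')

def critical_pairs(S, T):
    """Both one-step reducts of each overlap of Lemma 3.10, for concrete S and T."""
    M, N, A = mv('M'), mv('N'), mv('A')
    U, n = cons(N, shift(2)), 1                    # constructed third substitution, shift index
    return {
        '(Id)-(Clos)':     (clos(M, S), clos(M, comp(S, shift(0)))),
        '(Clos)-(Clos)':   (clos(M, comp(comp(S, T), U)), clos(M, comp(S, comp(T, U)))),
        '(Shift0)-(Map)':  (S, cons(clos(ONE, S), comp(shift(1), S))),
        '(ShiftS)-(Map)':  (comp(shift(n), S),
                            cons(clos(ONE, comp(shift(n), S)), comp(shift(n + 1), S))),
        '(Lambda)-(Clos)': (clos(lam(A, M), comp(S, T)),
                            clos(lam(clos(A, S), clos(M, lift(S))), T)),
        '(Pi)-(Clos)':     (clos(pi(A, M), comp(S, T)),
                            clos(pi(clos(A, S), clos(M, lift(S))), T)),
    }

def joinable(S, T):
    """Map each critical pair to whether its two reducts have the same normal form."""
    return {name: nf(l) == nf(r) for name, (l, r) in critical_pairs(S, T).items()}

if __name__ == '__main__':
    # Constructed instance: S = X . ^1 and T = ^2 (X a term meta-variable).
    for name, ok in joinable(cons(mv('X'), shift(1)), shift(2)).items():
        print(f'{name:18s} joinable: {ok}')
```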


The confluence proof of the $\lambda\Pi^{\circ}$-calculus uses a general method proposed in [45] to prove confluence of abstract relations: the Yokouchi-Hikita's lemma. This method has proved suitable for left-linear calculi of explicit substitutions [7, 37, 33].

Lemma 3.11 (Yokouchi-Hikita's lemma). Let $R$ and $S$ be two relations defined on a set $X$ such that: 1) $R$ is confluent and terminating, 2) $S$ is strongly confluent, and 3) $S$ and $R$ commute in the following way: for any $x, y, z \in X$, if $x \to_{R} y$ and $x \to_{S} z$, then there exists $w \in X$ such that $y \to_{R^{*} S R^{*}} w$ and $z \to_{R^{*}} w$. Then the relation $R^{*} S R^{*}$ is confluent.

Proof. See [7]. □

We take the set of $\lambda\Pi^{\circ}$-expressions as $X$, $\Pi^{\circ}$ as $R$ and $B_{\parallel}$ as $S$, where $B_{\parallel}$ is the parallelization of (Beta) defined in Fig. 3.2.

Lemma 3.12. $\Pi^{\circ}$ commutes over $B_{\parallel}$, i.e., if $x$ reduces in one $\Pi^{\circ}$-step to $y$, and in one $B_{\parallel}$-step to $z$, then there exists $w$ such that $y \to_{\Pi^{\circ*} B_{\parallel} \Pi^{\circ*}} w$ and $z \to_{\Pi^{\circ*}} w$.

Proof. By case analysis on the redex reduced in $x$. □

We are now ready to prove the confluence property of $\lambda\Pi^{\circ}$.

Theorem 3.7. The $\lambda\Pi^{\circ}$-calculus is confluent.

Proof. We verify that $\Pi^{\circ}$ and $B_{\parallel}$ satisfy the conditions of Yokouchi-Hikita's lemma, that is,

1. $\Pi^{\circ}$ is terminating and confluent (Lemma 3.9 and Lemma 3.10),

2. $B_{\parallel}$ is strongly confluent, since (Beta) by itself is a left-linear system with no critical pairs (cf. [19]), and

3. $\Pi^{\circ}$ commutes over $B_{\parallel}$ (Lemma 3.12).

Therefore, $\Pi^{\circ*} B_{\parallel} \Pi^{\circ*}$ is confluent.

Note that $\lambda\Pi^{\circ} \subseteq \Pi^{\circ*} B_{\parallel} \Pi^{\circ*} \subseteq \lambda\Pi^{\circ*}$. Let $x$ be an expression in $\lambda\Pi^{\circ}$. If $x \to^{*}_{\lambda\Pi^{\circ}} y$ and $x \to^{*}_{\lambda\Pi^{\circ}} z$, then there exists $w$ such that $y \to^{*}_{\Pi^{\circ*} B_{\parallel} \Pi^{\circ*}} w$ and $z \to^{*}_{\Pi^{\circ*} B_{\parallel} \Pi^{\circ*}} w$. So, $y$


4. Elementary Typing Properties. The elementary typing properties of $\lambda\Pi_{\mathcal{L}}$ are

• Sort soundness: the type of a term is a valid sort.

• Type uniqueness: the type of a term is unique modulo $=_{\lambda\Pi_{\mathcal{L}}}$.

• Subject reduction: the $\lambda\Pi_{\mathcal{L}}$-rewrite system preserves typing.

• Soundness: there always exists a path of well-typed terms between equivalent well-typed terms.

We use Geuvers' lemma to prove the last two of the above properties.

Theorem 4.1 (Sort soundness).

1. If $\Sigma;\Gamma \vdash M : A$, then $A = \mathsf{Kind}$ or $\Sigma;\Gamma \vdash A : s$, $s \in \{\mathsf{Kind}, \mathsf{Type}\}$, and

2. if $\Sigma;\Gamma \vdash S \rhd \Delta$, then $\Sigma;\Delta$ is a valid context.

Proof. By induction on the typing derivation. □

Theorem 4.2 (Type uniqueness). Let $\Gamma_1$ and $\Gamma_2$ be such that $\Gamma_1 =_{\lambda\Pi_{\mathcal{L}}} \Gamma_2$,

1. if $\Sigma;\Gamma_1 \vdash M : A$ and $\Sigma;\Gamma_2 \vdash M : B$, then $A =_{\lambda\Pi_{\mathcal{L}}} B$, and

2. if $\Sigma;\Gamma_1 \vdash S \rhd \Delta_1$ and $\Sigma;\Gamma_2 \vdash S \rhd \Delta_2$, then $\Delta_1 =_{\lambda\Pi_{\mathcal{L}}} \Delta_2$.

Proof. By simultaneous structural induction on $M$ and $S$. □

Theorem 4.3 (Subject reduction). The $\lambda\Pi_{\mathcal{L}}$-calculus preserves typing, i.e., if $x \to^{*}_{\lambda\Pi_{\mathcal{L}}} y$, for an expression $x$, then

1. if $x$ is a term and $\Sigma;\Gamma \vdash x : A$, then $\Sigma;\Gamma \vdash y : A$, and

2. if $x$ is a substitution and $\Sigma;\Gamma \vdash x \rhd \Delta$, then $\Sigma;\Gamma \vdash y \rhd \Delta$.

Proof. We show that typing is preserved for one-step reductions (i.e., $\to_{\lambda\Pi_{\mathcal{L}}}$), and therefore, it is also for the reflexive and transitive closure (i.e., $\to^{*}_{\lambda\Pi_{\mathcal{L}}}$). Let $x \to_{\lambda\Pi_{\mathcal{L}}} y$ be a one-step reduction. We proceed by induction on the depth of the redex reduced in $x$.

In the initial case, $x$ is reduced at the top level, and we proceed by case analysis. We show the case of rule (Beta):

Let $\Sigma;\Gamma \vdash (\lambda_A.M\ N) : B$. We show $\Sigma;\Gamma \vdash M[N \cdot_A \uparrow^{0}] : B$.

We have:

1. (a) $\Sigma;\Gamma \vdash \lambda_A.M : \Pi_{A_1}.B_1$, (b) $\Sigma;\Gamma \vdash N : A_1$, and (c) $B =_{\lambda\Pi_{\mathcal{L}}} B_1[N \cdot_{A_1} \uparrow^{0}]$, by inversion of rule (Appl) applied to the hypothesis.

2. (a) $\Sigma;\Gamma \vdash A : \mathsf{Type}$, (b) $\Sigma;A.\Gamma \vdash M : B_2$, (c) $\Sigma;A.\Gamma \vdash B_2 : s_2$, $s_2 \in \{\mathsf{Kind}, \mathsf{Type}\}$, and (d) $\Pi_A.B_2 =_{\lambda\Pi_{\mathcal{L}}} \Pi_{A_1}.B_1$, by inversion of rule (Abs) applied to (1-a).

3. (a) $A =_{\lambda\Pi_{\mathcal{L}}} A_1$ and (b) $B_2 =_{\lambda\Pi_{\mathcal{L}}} B_1$, by Geuvers' lemma (Theorem 3.8) applied to (2-d).

4. $\Sigma;\Gamma \vdash N : A$, by rule (Conv) applied to (1-b), (2-a), and (3-a).

5. $\Sigma;\Gamma \vdash N \cdot_A \uparrow^{0} \rhd A.\Gamma$, by rule (Cons) applied to (4), (2-a), and $\Sigma;\Gamma \vdash \uparrow^{0} \rhd \Gamma$.

6. $B_2[N \cdot_A \uparrow^{0}] =_{\lambda\Pi_{\mathcal{L}}} B_1[N \cdot_A \uparrow^{0}] =_{\lambda\Pi_{\mathcal{L}}} B_1[N \cdot_{A_1} \uparrow^{0}] =_{\lambda\Pi_{\mathcal{L}}} B$, by (1-c) and (3).

7. $\Sigma;\Gamma \vdash B : s_1$, $s_1 \in \{\mathsf{Kind}, \mathsf{Type}\}$, by sort soundness (Theorem 4.1) applied to the hypothesis. Note that the case $B = \mathsf{Kind}$ is not possible.

Therefore, we have the derivation

$$\dfrac{\dfrac{\Sigma;A.\Gamma \vdash M : B_2 \;(2\text{-}b) \qquad \Sigma;A.\Gamma \vdash B_2 : s_2 \;(2\text{-}c) \qquad \Sigma;\Gamma \vdash N \cdot_A \uparrow^{0} \rhd A.\Gamma \;(5)}{\Sigma;\Gamma \vdash M[N \cdot_A \uparrow^{0}] : B_2[N \cdot_A \uparrow^{0}]}\,(\mathrm{Clos}) \qquad B_2[N \cdot_A \uparrow^{0}] =_{\lambda\Pi_{\mathcal{L}}} B \;(6) \qquad \Sigma;\Gamma \vdash B : s_1 \;(7)}{\Sigma;\Gamma \vdash M[N \cdot_A \uparrow^{0}] : B}\,(\mathrm{Conv})$$

The other cases are similar. The induction step cases do not present any difficulty. □
Sometimes the conversion rule (Conv) is expressed as [14]:

$$\frac{\Gamma \vdash M : A \qquad \Gamma \vdash B : s \qquad s \in \{\mathsf{Kind}, \mathsf{Type}\} \qquad A \to B \text{ or } B \to A}{\Gamma \vdash M : B}\,(\mathrm{Conv}')$$

Rule (Conv) seems to be more general than rule (Conv'). In fact, the latter one allows conversions of types only via a path of well-typed terms. Geuvers and Werner [14] define a type system to be sound if the convertibility of terms remains in the set of well-typed terms. In sound systems, rules (Conv) and (Conv') are equivalent.

We use the following lemma in the soundness proof of the $\lambda\Pi_{\mathcal{L}}$-system.

Lemma 4.4. Let $x, y$ be $\lambda\Pi_{\mathcal{L}}$-expressions in $\Pi_{\mathcal{L}}$-normal form such that $|x| = |y|$. If $x$ and $y$ are well-typed expressions, then they are convertible via a path of well-typed expressions.

Proof. By structural induction on $x$ and $y$. □

Theorem 4.5 (Soundness). If $\Sigma;\Gamma \vdash M : A$, $\Sigma;\Gamma \vdash N : B$ and $M =_{\lambda\Pi_{\mathcal{L}}} N$, then $M$ and $N$ are convertible via a path of well-typed terms.

Proof. From Lemma 3.2(1), we have $|M| =_{\lambda\Pi^{\circ}} |N|$. The confluence property of $\lambda\Pi^{\circ}$ states that there exists $x \in \lambda\Pi^{\circ}$ such that $|M| \to^{*}_{\lambda\Pi^{\circ}} x$ and $|N| \to^{*}_{\lambda\Pi^{\circ}} x$. By Lemma 3.2(2), there exist $M_1, N_1$ in $\lambda\Pi_{\mathcal{L}}$ such that $M \to^{*}_{\lambda\Pi_{\mathcal{L}}} M_1$, $N \to^{*}_{\lambda\Pi_{\mathcal{L}}} N_1$, and $|M_1| = |N_1| = x$. Since $\Pi_{\mathcal{L}}$ is terminating (Lemma 2.1), there exist $\Pi_{\mathcal{L}}$-normal forms $M_2, N_2$ such that $M_1 \to^{*}_{\Pi_{\mathcal{L}}} M_2$ and $N_1 \to^{*}_{\Pi_{\mathcal{L}}} N_2$. By the subject reduction property (Theorem 4.3), $\Sigma;\Gamma \vdash M_2 : A$ and $\Sigma;\Gamma \vdash N_2 : B$, and all the terms in both reductions are well-typed. Now, from Lemma 3.2(1), we have $x \to^{*}_{\Pi^{\circ}} |M_2|$ and $x \to^{*}_{\Pi^{\circ}} |N_2|$. But $M_2$ and $N_2$ are $\Pi_{\mathcal{L}}$-normal forms, thus, by Lemma 3.2(3), $|M_2|$ and $|N_2|$ are $\Pi^{\circ}$-normal forms. Since $\Pi^{\circ}$ is confluent, $|M_2| = |N_2|$. By Lemma 4.4, $M_2$ and $N_2$ are convertible via a path of well-typed terms. Therefore, $M$ and $N$ are convertible via a path of well-typed terms. □

A direct consequence of typing soundness and subject reduction is the following property.

Lemma 4.6. If $\Sigma;\Gamma \vdash M_1 : A_1$, $\Sigma;\Gamma \vdash M_2 : A_2$, and $M_1 =_{\lambda\Pi_{\mathcal{L}}} M_2$, then $A_1 =_{\lambda\Pi_{\mathcal{L}}} A_2$.

Proof. By induction on the length of the paths of well-typed expressions converting $M_1$ to $M_2$. □

5. The Main Properties: Weak Normalization and Confluence. In this section we address the proof of the main properties of $\lambda\Pi_{\mathcal{L}}$ on well-typed expressions: weak normalization and confluence.

5.1. Weak normalization. The $\lambda\Pi_{\mathcal{L}}$-calculus does not preserve strong normalization of $\lambda\Pi$. In fact, the counterexample shown in [30] for $\lambda\sigma$ may be reproduced in $\lambda\Pi_{\mathcal{L}}$ with some minor modifications.

Nevertheless, we prove that $\lambda\Pi_{\mathcal{L}}$ is weakly normalizing on well-typed expressions, i.e., there exists a strategy to find $\lambda\Pi_{\mathcal{L}}$-normal forms on well-typed expressions. In particular, we propose a proof of strong normalization of the strategy that performs one step of (Beta) followed by a $\Pi_{\mathcal{L}}$-normalization.

We use the standard technique of reducibility, originally due to Tait for the simply-typed $\lambda$-calculus [42], and then extended by Girard to system F (the second-order $\lambda$-calculus) [15]. From the diverse proofs of termination using a reducibility notion, we follow the presentation given in [12] for the Calculus of Constructions, which is based on saturated sets. We adapt this proof for the $\lambda\Pi_{\mathcal{L}}$-calculus. In order to avoid some technical problems due to the non-confluence of the calculus with type annotations (not necessarily well-typed), we define saturated sets in a slightly different way. However, the structure of the proofs is the same.

We use $(x){\downarrow}_{\Pi_{\mathcal{L}}}$ as a shorthand for the set of $\Pi_{\mathcal{L}}$-normal forms of $x$. The set containing all the $\Pi_{\mathcal{L}}$-normal forms of $\lambda\Pi_{\mathcal{L}}$ is denoted by $\mathcal{NF}$.

Definition 5.1. Let $x, y \in \mathcal{NF}$, we say that $x$ $\beta\Pi_{\mathcal{L}}$-reduces to $y$, denoted by $x \to_{\beta\Pi_{\mathcal{L}}} y$, if $x \to_{(\mathrm{Beta})} w$ and $y \in (w){\downarrow}_{\Pi_{\mathcal{L}}}$. Notice that the set of $\beta\Pi_{\mathcal{L}}$-normal forms is equal to the set of $\lambda\Pi_{\mathcal{L}}$-normal forms, and that $x \to_{\beta\Pi_{\mathcal{L}}} y$ implies $x \to^{*}_{\lambda\Pi_{\mathcal{L}}} y$. In fact, we will show that $\beta\Pi_{\mathcal{L}}$ is strongly normalizing on well-typed expressions, and therefore, $\lambda\Pi_{\mathcal{L}}$ is weakly normalizing on well-typed expressions.

We denote by $\mathcal{SN}$ the set of $\beta\Pi_{\mathcal{L}}$-strongly normalizing expressions of $\mathcal{NF}$.

Definition 5.2. Let $M$ be a term in $\mathcal{NF}$. The term $M$ is neutral if it does not have the form $\lambda_A.N$. The set of neutral terms is denoted by $\mathcal{NT}$.

Definition 5.3. Let $x$ be in $\mathcal{NF}$. The set of annotations of $x$, denoted by $\mathsf{N}(x)$, is defined inductively as follows:

$\mathsf{N}(x) = \emptyset$ if $x \in \{\mathsf{Kind}, \mathsf{Type}, 1\}$, $x = \uparrow^{n}$, or $x$ is a meta-variable

$\mathsf{N}(\Pi_A.B) = \mathsf{N}(A) \cup \mathsf{N}(B)$

$\mathsf{N}(\lambda_A.M) = \mathsf{N}(A) \cup \mathsf{N}(M)$

$\mathsf{N}(M\ N) = \mathsf{N}(M) \cup \mathsf{N}(N)$

$\mathsf{N}(M[S]) = \mathsf{N}(M) \cup \mathsf{N}(S)$

$\mathsf{N}(S \circ T) = \mathsf{N}(S) \cup \mathsf{N}(T)$

$\mathsf{N}(M \cdot_A S) = \{A\} \cup \mathsf{N}(M) \cup \mathsf{N}(S)$

Definition 5.4. A set of terms $\Lambda \subseteq \mathcal{NF}$ is saturated if

1. $\Lambda \subseteq \mathcal{SN}$,

2. if $M \in \Lambda$ and $M \to_{\beta\Pi_{\mathcal{L}}} N$, then $N \in \Lambda$,

3. if $M \in \mathcal{NT}$, and whenever the reduction of a $\beta\Pi_{\mathcal{L}}$-redex of $M$ leads to a term $N \in \Lambda$, then $M \in \Lambda$, and

4. if $M \in \Lambda$, $|M| = |N|$, and $\mathsf{N}(N) \subseteq \mathcal{SN}$, then $N \in \Lambda$.

The set of saturated sets is denoted by $\mathcal{SAT}$.

The following corollary is a trivial consequence of Def. 5.4(3).

Corollary 5.5. Let $M \in \mathcal{NT}$ such that $M$ is a $\beta\Pi_{\mathcal{L}}$-normal form. For any $\Lambda \in \mathcal{SAT}$, $M \in \Lambda$.

The following lemmas show particular cases of terms that are in saturated sets.

Lemma 5.6. For any $\Lambda \in \mathcal{SAT}$, substitution $S \in \mathcal{SN}$ and meta-variable $X$, we have $(X[S]){\downarrow}_{\Pi_{\mathcal{L}}} \subseteq \Lambda$.

Proof. Let $\Lambda \in \mathcal{SAT}$ and $M \in (X[S]){\downarrow}_{\Pi_{\mathcal{L}}}$. Since $M$ is neutral it suffices to consider the reductions of $M$ (Def. 5.4(3)). We reason by induction on $\nu(S)$³. Only two reductions are possible:

• $M \to_{\beta\Pi_{\mathcal{L}}} X$, and by Corollary 5.5, $X \in \Lambda$.

• $M \to_{\beta\Pi_{\mathcal{L}}} X[T]$ where $S \to_{\beta\Pi_{\mathcal{L}}} T$. By hypothesis, $T \in \mathcal{SN}$ and $\nu(S) > \nu(T)$, so by induction hypothesis, $(X[T]){\downarrow}_{\Pi_{\mathcal{L}}} \subseteq \Lambda$.

In both cases, $M$ reduces to terms in $\Lambda$, thus, $M \in \Lambda$. □

³ If $x$ is strongly normalizing, $\nu(x)$ is a number which bounds the length of every normalization sequence beginning with

Lemma 5.7. For any $\Lambda \in \mathcal{SAT}$, and terms $A, B \in \mathcal{SN}$, $\Pi_A.B \in \Lambda$.

Proof. The term $\Pi_A.B$ is neutral. By Def. 5.4(3) it suffices to consider the reductions of $\Pi_A.B$. We reason by induction on $\nu(A) + \nu(B)$. □

Lemma 5.8. $\mathcal{SN} \in \mathcal{SAT}$.

Proof. We verify the following conditions (Def. 5.4).

1. $\mathcal{SN} \subseteq \mathcal{SN}$.

2. If $M \in \mathcal{SN}$ and $M \to_{\beta\Pi_{\mathcal{L}}} N$, then $N \in \mathcal{SN}$.

3. If $M \in \mathcal{NT}$, and whenever the reduction of a $\beta\Pi_{\mathcal{L}}$-redex of $M$ leads to a term $N \in \mathcal{SN}$, then $M \in \mathcal{SN}$.

4. If $M \in \mathcal{SN}$, $|M| = |N|$, and $\mathsf{N}(N) \subseteq \mathcal{SN}$, then $N \in \mathcal{SN}$. □

Definition 5.9. If $\Lambda, \Lambda' \in \mathcal{SAT}$, we define the set

$\Lambda \to \Lambda' = \{M \in \mathcal{NF} \mid \forall N \in \Lambda,\ (M\ N) \in \Lambda'\}$.


Lemma 5.10. $\mathcal{SAT}$ is closed under function spaces, i.e., if $\Lambda, \Lambda' \in \mathcal{SAT}$, then $\Lambda \to \Lambda' \in \mathcal{SAT}$.

Proof. We verify the conditions in Def. 5.4:

1. $\Lambda \to \Lambda' \subseteq \mathcal{SN}$.

Let $M$ be in $\Lambda \to \Lambda'$. By Def. 5.9 and Def. 5.4(1), $(M\ N) \in \Lambda' \subseteq \mathcal{SN}$ for all $N \in \Lambda$. Thus, $M \in \mathcal{SN}$.

2. If $M \in \Lambda \to \Lambda'$ and $M \to_{\beta\Pi_{\mathcal{L}}} N$, then $N \in \Lambda \to \Lambda'$.

Let $N_1$ be in $\Lambda$. We show that $(N\ N_1) \in \Lambda'$. By hypothesis, $(M\ N_1) \in \Lambda'$ and $(M\ N_1) \to_{\beta\Pi_{\mathcal{L}}} (N\ N_1)$. Thus, $(N\ N_1) \in \Lambda'$ by Def. 5.4(2).

3. If $M \in \mathcal{NT}$, and whenever the reduction of a $\beta\Pi_{\mathcal{L}}$-redex of $M$ leads to a term $N \in \Lambda \to \Lambda'$, then $M \in \Lambda \to \Lambda'$.

Let $N_1$ be in $\Lambda$, we show that $(M\ N_1) \in \Lambda'$. Since $(M\ N_1) \in \mathcal{NT}$, it suffices by Def. 5.4(3) to prove that if $(M\ N_1) \to_{\beta\Pi_{\mathcal{L}}} N_2$, then $N_2 \in \Lambda'$. We have $N_1 \in \Lambda \subseteq \mathcal{SN}$. We reason by induction on $\nu(N_1)$. Since $M \in \mathcal{NT}$, $(M\ N_1)$ $\beta\Pi_{\mathcal{L}}$-reduces in one step to

• $(M_1\ N_1)$, with $M \to_{\beta\Pi_{\mathcal{L}}} M_1$. By hypotheses, $M_1 \in \Lambda \to \Lambda'$ and $N_1 \in \Lambda$, thus $(M_1\ N_1) \in \Lambda'$.

• $(M\ N_2)$, with $N_1 \to_{\beta\Pi_{\mathcal{L}}} N_2$. By Def. 5.4(2), $N_2 \in \Lambda$ and $\nu(N_2) < \nu(N_1)$, thus, by induction hypothesis, $(M\ N_2) \in \Lambda'$.

In both cases, $(M\ N_1)$ reduces to terms in $\Lambda'$. Hence, $(M\ N_1) \in \Lambda'$.

4. If $M \in \Lambda \to \Lambda'$, $|M| = |N|$, and $\mathsf{N}(N) \subseteq \mathcal{SN}$, then $N \in \Lambda \to \Lambda'$.

Let $N_1$ be in $\Lambda$. We show that $(N\ N_1) \in \Lambda'$. By hypothesis, $(M\ N_1) \in \Lambda'$, but also, $|(M\ N_1)| = |(N\ N_1)|$. By Def. 5.4(4), it suffices to show that $\mathsf{N}(N\ N_1) \subseteq \mathcal{SN}$. Since $N_1 \in \Lambda \subseteq \mathcal{SN}$, we have $\mathsf{N}(N_1) \subseteq \mathcal{SN}$. Therefore, $\mathsf{N}(N\ N_1) = \mathsf{N}(N) \cup \mathsf{N}(N_1) \subseteq \mathcal{SN}$. □

The next step in the proof is the interpretation of types.

Definition 5.11. The type interpretation function of terms in $\lambda\Pi_{\mathcal{L}}$ is defined inductively as follows:

$\llbracket x \rrbracket = \mathcal{SN}$ if $x \in \{\mathsf{Kind}, \mathsf{Type}, 1\}$ or $x$ is a meta-variable

$\llbracket M[S] \rrbracket = \llbracket M \rrbracket$

$\llbracket (M\ N) \rrbracket = \llbracket M \rrbracket$

$\llbracket \lambda_A.B \rrbracket = \llbracket B \rrbracket$

$\llbracket \Pi_A.B \rrbracket = \llbracket A \rrbracket \to \llbracket B \rrbracket$

We have the following corollary of Lemma 5.10.

Corollary 5.12. For any term $M$, $\llbracket M \rrbracket \in \mathcal{SAT}$.

Lists of types, i.e., contexts, are interpreted by a set of explicit substitutions.

Definition 5.13. The valuations of $\Gamma$, denoted by $\llbracket \Gamma \rrbracket$, is a set of substitutions in $\mathcal{NF}$ defined inductively on $\Gamma$ as follows:

$\llbracket \epsilon \rrbracket = \{\uparrow^{n} \mid \text{for any natural } n\}$

$\llbracket A.\Delta \rrbracket = \llbracket \Delta \rrbracket \cup \{M \cdot_B S \in \mathcal{NF} \mid M \in \llbracket B \rrbracket,\ S \in \llbracket \Delta \rrbracket,\ B \in \mathcal{SN},\ \llbracket A \rrbracket = \llbracket B \rrbracket\}$

Lemma 5.14. For any $\Gamma$, $\llbracket \Gamma \rrbracket \subseteq \mathcal{SN}$.

Proof. We show by structural induction on $S$ that if $S \in \llbracket \Gamma \rrbracket$, then $S \in \mathcal{SN}$. □

Definition 5.15. Let $M$ be a term in $\mathcal{NF}$ and $S$ be a substitution in $\mathcal{NF}$. We define

1. $\Gamma$ satisfies that $M$ is of type $A$, denoted by $\Gamma \models M : A$, if and only if $(M[T]){\downarrow}_{\Pi_{\mathcal{L}}} \subseteq \llbracket A \rrbracket$ for any $T \in \llbracket \Gamma \rrbracket$.

2. $\Gamma$ satisfies that $S$ is of type $\Delta$, denoted by $\Gamma \models S \rhd \Delta$, if and only if $(S \circ T){\downarrow}_{\Pi_{\mathcal{L}}} \subseteq \llbracket \Delta \rrbracket$ for any $T \in \llbracket \Gamma \rrbracket$.

We are almost ready to prove the key property which leads to the strong normalization property of $\beta\Pi_{\mathcal{L}}$. It states that if $\Sigma;\Gamma \vdash M : A$, then $\Gamma \models M : A$. Before that, we need some more technical lemmas.

Lemma 5.16. Let $A$ be a term in $\mathcal{SN}$. For all substitutions $S \in \llbracket \Gamma \rrbracket$ and terms $M \in \llbracket A \rrbracket$, $(M \cdot_A S){\downarrow}_{\Pi_{\mathcal{L}}} \subseteq \llbracket A.\Gamma \rrbracket$.

Proof. Note that $M \cdot_A S$ is not necessarily in $\mathcal{NF}$. But there are two cases: $(M \cdot_A S){\downarrow}_{\Pi_{\mathcal{L}}} = \{M \cdot_A S\}$ or $(M \cdot_A S){\downarrow}_{\Pi_{\mathcal{L}}} = \{\uparrow^{n}\}$. In both cases we verify that $(M \cdot_A S){\downarrow}_{\Pi_{\mathcal{L}}} \subseteq \llbracket A.\Gamma \rrbracket$. □

Lemma 5.17. Let $M$ be a term in $\mathcal{NF}$. If $\Sigma;\Gamma \vdash M : A$ and $\Sigma;\Gamma \vdash A : \mathsf{Type}$, then $\llbracket M \rrbracket = \mathcal{SN}$.

Proof. By structural induction on $M$. We show the case where $M = (M_1\ M_2)$, the other cases are similar. We have:

1. (a) $\Sigma;\Gamma \vdash M_1 : \Pi_{A_1}.B_1$, (b) $\Sigma;\Gamma \vdash (M_1\ M_2) : B_1[M_2 \cdot_{A_1} \uparrow^{0}]$, and (c) $A =_{\lambda\Pi_{\mathcal{L}}} B_1[M_2 \cdot_{A_1} \uparrow^{0}]$, by inversion of rule (Appl) applied to the hypothesis.

2. (a) $\Sigma;\Gamma \vdash A_1 : \mathsf{Type}$ and (b) $\Sigma;A_1.\Gamma \vdash B_1 : s_1$, $s_1 \in \{\mathsf{Kind}, \mathsf{Type}\}$, by inversion of rule (Prod) applied to (1-a).

3. $\Sigma;\Gamma \vdash B_1[M_2 \cdot_{A_1} \uparrow^{0}] : s_2$, $s_2 \in \{\mathsf{Kind}, \mathsf{Type}\}$, by sort soundness (Theorem 4.1) applied to (1-b).

4. $s_2 =_{\lambda\Pi_{\mathcal{L}}} \mathsf{Type}$, by Lemma 4.6 applied to $\Sigma;\Gamma \vdash A : \mathsf{Type}$, (1-c), and (3).

5. $s_2 = \mathsf{Type}$, by Geuvers' lemma (Theorem 3.8) applied to (4).

6. $s_1 = \mathsf{Type}$, by (2-b), (3), and (5).

Then, applying rule (Prod) to (2) and (6), we get $\Sigma;\Gamma \vdash \Pi_{A_1}.B_1 : \mathsf{Type}$. By Def. 5.11 and induction hypothesis, $\llbracket (M_1\ M_2) \rrbracket = \llbracket M_1 \rrbracket = \mathcal{SN}$. □

Lemma 5.18. Let $M$ be a term in $\mathcal{NF}$ and $S$ a substitution in $\mathcal{NF}$,

1. if $\Sigma;\Gamma \vdash M : A$ and $\Sigma;\Gamma \vdash M : B$, then $\llbracket A \rrbracket = \llbracket B \rrbracket$, and

2. if $\Sigma;\Gamma \vdash S \rhd \Delta_1$ and $\Sigma;\Gamma \vdash S \rhd \Delta_2$, then $\llbracket \Delta_1 \rrbracket = \llbracket \Delta_2 \rrbracket$.

Proof. We only show the first case. The second case is proved by structural induction on $\Delta_1$. By type uniqueness (Theorem 4.2), we have $A =_{\lambda\Pi_{\mathcal{L}}} B$, and by sort soundness (Theorem 4.1), $A = B = \mathsf{Kind}$ or ($\Sigma;\Gamma \vdash A : s_1$, $\Sigma;\Gamma \vdash B : s_2$, and $s_1, s_2 \in \{\mathsf{Kind}, \mathsf{Type}\}$). The first case is trivial. For the second one, we use soundness of $\lambda\Pi_{\mathcal{L}}$ (Theorem 4.5) to conclude that $A$ and $B$ are convertible via a path of well-typed terms. Hence, it suffices to prove that for any well-typed term $N_1$, if $N_1 \to_{\lambda\Pi_{\mathcal{L}}} N_2$, then $\llbracket N_1 \rrbracket = \llbracket N_2 \rrbracket$. We prove this by induction on the depth of the $\lambda\Pi_{\mathcal{L}}$-redex reduced in $N_1$. The only interesting case is (VarCons), i.e., $1[M_1 \cdot_{A_1} S] \to_{\lambda\Pi_{\mathcal{L}}} M_1$. We show that $\llbracket 1[M_1 \cdot_{A_1} S] \rrbracket = \llbracket M_1 \rrbracket$.

• From Def. 5.11, $\llbracket 1[M_1 \cdot_{A_1} S] \rrbracket = \llbracket 1 \rrbracket = \mathcal{SN}$.

• If $1[M_1 \cdot_{A_1} S]$ is well-typed in $\Sigma;\Gamma$, then by inversion of rule (Cons), we have $\Sigma;\Gamma \vdash M_1 : A_1[S]$ and $\Sigma;\Gamma \vdash A_1[S] : \mathsf{Type}$. Therefore, by Lemma 5.17, $\llbracket M_1 \rrbracket = \mathcal{SN}$.

So, $\llbracket 1[M_1 \cdot_{A_1} S] \rrbracket = \llbracket M_1 \rrbracket = \mathcal{SN}$. □

Lemma 5.19. Let $A_1 \in \mathcal{SN}$ and $M, A_2, B \in \mathcal{NF}$. If for all $N \in \llbracket A_2 \rrbracket$, $(M[N \cdot_{A_1} \uparrow^{0}]){\downarrow}_{\Pi_{\mathcal{L}}} \subseteq \llbracket B \rrbracket$, then $\lambda_{A_1}.M \in \llbracket A_2 \rrbracket \to \llbracket B \rrbracket$.

Proof. Let $N \in \llbracket A_2 \rrbracket$. We want to show $(\lambda_{A_1}.M\ N) \in \llbracket B \rrbracket$. Since $(\lambda_{A_1}.M\ N) \in \mathcal{NT}$ and $\llbracket B \rrbracket \in \mathcal{SAT}$, it suffices to prove that if $(\lambda_{A_1}.M\ N) \to_{\beta\Pi_{\mathcal{L}}} M'$, then $M' \in \llbracket B \rrbracket$. By hypotheses, for all $N \in \llbracket A_2 \rrbracket$, $(M[N \cdot_{A_1} \uparrow^{0}]){\downarrow}_{\Pi_{\mathcal{L}}} \subseteq \llbracket B \rrbracket \subseteq \mathcal{SN}$; in particular, $(M[1 \cdot_{A_1} \uparrow^{0}]){\downarrow}_{\Pi_{\mathcal{L}}} \subseteq \mathcal{SN}$. But $M \in (M[1 \cdot_{A_1} \uparrow^{0}]){\downarrow}_{\Pi_{\mathcal{L}}}$, and thus, $M \in \mathcal{SN}$. We also have $N \in \llbracket A_2 \rrbracket \subseteq \mathcal{SN}$ and $A_1 \in \mathcal{SN}$. Thus, we can reason by induction on $\nu(M) + \nu(N) + \nu(A_1)$. In one step $(\lambda_{A_1}.M\ N)$ $\beta\Pi_{\mathcal{L}}$-reduces to:

• $(M[N \cdot_{A_1} \uparrow^{0}]){\downarrow}_{\Pi_{\mathcal{L}}}$. By hypothesis, $(M[N \cdot_{A_1} \uparrow^{0}]){\downarrow}_{\Pi_{\mathcal{L}}} \subseteq \llbracket B \rrbracket$.

• $(\lambda_{A_1}.M\ N_1)$, with $N \to_{\beta\Pi_{\mathcal{L}}} N_1$. By Def. 5.4(2), $N_1 \in \llbracket A_2 \rrbracket$, then by hypothesis, $(M[N_1 \cdot_{A_1} \uparrow^{0}]){\downarrow}_{\Pi_{\mathcal{L}}} \subseteq \llbracket B \rrbracket$. But also, $\nu(N_1) < \nu(N)$, thus, by induction hypothesis, $(\lambda_{A_1}.M\ N_1) \in \llbracket B \rrbracket$.

• $(\lambda_{A}.M\ N)$, with $A_1 \to_{\beta\Pi_{\mathcal{L}}} A$. But $A \in \mathcal{SN}$ since $A_1 \in \mathcal{SN}$; therefore, for any $M_1 \in (M[N \cdot_{A} \uparrow^{0}]){\downarrow}_{\Pi_{\mathcal{L}}}$, $\mathsf{N}(M_1) \subseteq \mathcal{SN}$. We have $|(M[N \cdot_{A_1} \uparrow^{0}]){\downarrow}_{\Pi_{\mathcal{L}}}| = |(M[N \cdot_{A} \uparrow^{0}]){\downarrow}_{\Pi_{\mathcal{L}}}|$⁴. By Def. 5.4(4), $(M[N \cdot_{A} \uparrow^{0}]){\downarrow}_{\Pi_{\mathcal{L}}} \subseteq \llbracket B \rrbracket$. But also $\nu(A) < \nu(A_1)$, thus, by induction hypothesis, $(\lambda_{A}.M\ N) \in \llbracket B \rrbracket$.

• $(\lambda_{A_1}.M_1\ N)$, with $M \to_{\beta\Pi_{\mathcal{L}}} M_1$. Using the properties of $\lambda\Pi_{\mathcal{L}}$ and $\lambda\Pi^{\circ}$, if $N_2 \in (M[N \cdot_{A_1} \uparrow^{0}]){\downarrow}_{\Pi_{\mathcal{L}}}$, then $N_2 \to^{*}_{\beta\Pi_{\mathcal{L}}} N_3$, where $|N_3| = |(M_1[N \cdot_{A_1} \uparrow^{0}]){\downarrow}_{\Pi_{\mathcal{L}}}|$. By hypothesis, $N_2 \in \llbracket B \rrbracket$, thus, by Def. 5.4(2), $N_3 \in \llbracket B \rrbracket$. Since $M_1$ and $A_1$ are in $\mathcal{SN}$, for any $M_2 \in (M_1[N \cdot_{A_1} \uparrow^{0}]){\downarrow}_{\Pi_{\mathcal{L}}}$, $\mathsf{N}(M_2) \subseteq \mathcal{SN}$. We obtain $(M_1[N \cdot_{A_1} \uparrow^{0}]){\downarrow}_{\Pi_{\mathcal{L}}} \subseteq \llbracket B \rrbracket$ by Def. 5.4(4). But also $\nu(M_1) < \nu(M)$, thus, by induction hypothesis, $(\lambda_{A_1}.M_1\ N) \in \llbracket B \rrbracket$.

In any case, $(\lambda_{A_1}.M\ N)$ reduces to a term in $\llbracket B \rrbracket$ and, therefore, $(\lambda_{A_1}.M\ N) \in \llbracket B \rrbracket$. □

We are ready to prove the key lemma, the soundness of $\models$ with respect to $\vdash$.

Lemma 5.20 (Soundness of $\models$). Let $M, S \in \mathcal{NF}$,

1. if $\Sigma;\Gamma \vdash M : A$, then $\Gamma \models M : A$, and

2. if $\Sigma;\Gamma \vdash S \rhd \Delta$, then $\Gamma \models S \rhd \Delta$.

Proof. Let $T \in \llbracket \Gamma \rrbracket$. We proceed by simultaneous structural induction on $M$ and $S$. We show the main cases. In the proof, $\Uparrow_A(S)$ is a shorthand for $1 \cdot_A (S \circ \uparrow^{1})$.

• $M = X$ ($X$ is a meta-variable). We show that $(X[T]){\downarrow}_{\Pi_{\mathcal{L}}} \subseteq \llbracket A \rrbracket$.

There are two cases:

– $T = \uparrow^{0}$. Therefore, $(X[T]){\downarrow}_{\Pi_{\mathcal{L}}} = \{X\}$. But also, $X$ is a neutral $\beta\Pi_{\mathcal{L}}$-normal form. Hence by Corollary 5.5, $X \in \llbracket A \rrbracket$.

– $T \neq \uparrow^{0}$. Therefore, $(X[T]){\downarrow}_{\Pi_{\mathcal{L}}} = \{X[T]\}$. By Lemma 5.14, $T \in \mathcal{SN}$. Hence by Lemma 5.6, $X[T] \in \llbracket A \rrbracket$.

• $M = \Pi_{A_1}.B_1$. We show that $((\Pi_{A_1}.B_1)[T]){\downarrow}_{\Pi_{\mathcal{L}}} \subseteq \llbracket A \rrbracket$.

By inversion of rule (Prod), $\Sigma;\Gamma \vdash A_1 : \mathsf{Type}$ and $\Sigma;A_1.\Gamma \vdash B_1 : s$, $s \in \{\mathsf{Kind}, \mathsf{Type}\}$. Note that if $M_1 \in ((\Pi_{A_1}.B_1)[T]){\downarrow}_{\Pi_{\mathcal{L}}}$, then $M_1 = \Pi_{A_2}.B_2$, where $A_2 \in (A_1[T]){\downarrow}_{\Pi_{\mathcal{L}}}$ and $B_2 \in (B_1[\Uparrow_{A_1}(T)]){\downarrow}_{\Pi_{\mathcal{L}}}$. By induction hypothesis on $A_1$, $(A_1[T_1]){\downarrow}_{\Pi_{\mathcal{L}}} \subseteq \llbracket \mathsf{Type} \rrbracket = \mathcal{SN}$ holds for all $T_1 \in \llbracket \Gamma \rrbracket$. Assuming $T_1 = T$, we conclude $A_2 \in \mathcal{SN}$, and assuming $T_1 = \uparrow^{0}$, we conclude $A_1 \in \mathcal{SN}$.

Let $T_2 \in (\Uparrow_{A_1}(T)){\downarrow}_{\Pi_{\mathcal{L}}}$. We have $|B_2| = |(B_1[T_2]){\downarrow}_{\Pi_{\mathcal{L}}}|$ and $T_2 \in \llbracket A_1.\Gamma \rrbracket$. By induction hypothesis on $B_1$, $(B_1[T_2]){\downarrow}_{\Pi_{\mathcal{L}}} \subseteq \llbracket s \rrbracket = \mathcal{SN}$ holds. But, $\mathsf{N}(B_2) \subseteq \mathcal{SN}$. Hence by Def. 5.4(4), $B_2 \in \llbracket s \rrbracket = \mathcal{SN}$.

Since $A_2, B_2$ are both in $\mathcal{SN}$, we have $\Pi_{A_2}.B_2 \in \llbracket A \rrbracket$ (Lemma 5.7).

⁴ Since the $\Pi^{\circ}$-calculus ($\Pi_{\mathcal{L}}$ without annotations of types in substitutions) is confluent (Lemma 3.10), we use the following property: for any $M_1, M_2 \in (M){\downarrow}_{\Pi_{\mathcal{L}}}$, $|M_1| = |M_2|$.

• $M = \lambda_{A_1}.M_1$. We show that $((\lambda_{A_1}.M_1)[T]){\downarrow}_{\Pi_{\mathcal{L}}} \subseteq \llbracket A \rrbracket$.

By inversion of rule (Abs), $\Sigma;\Gamma \vdash A_1 : \mathsf{Type}$, $\Sigma;A_1.\Gamma \vdash M_1 : B$ and $\Sigma;\Gamma \vdash \lambda_{A_1}.M_1 : \Pi_{A_1}.B$. By Lemma 5.18, $\llbracket A \rrbracket = \llbracket \Pi_{A_1}.B \rrbracket = \llbracket A_1 \rrbracket \to \llbracket B \rrbracket$. Note that if $N \in ((\lambda_{A_1}.M_1)[T]){\downarrow}_{\Pi_{\mathcal{L}}}$, then $N = \lambda_{A_2}.M_2$ where $A_2 \in (A_1[T]){\downarrow}_{\Pi_{\mathcal{L}}}$ and $M_2 \in (M_1[\Uparrow_{A_1}(T)]){\downarrow}_{\Pi_{\mathcal{L}}}$. By induction hypothesis on $A_1$, $(A_1[T_1]){\downarrow}_{\Pi_{\mathcal{L}}} \subseteq \llbracket \mathsf{Type} \rrbracket = \mathcal{SN}$ holds for all $T_1 \in \llbracket \Gamma \rrbracket$. Assuming $T_1 = T$, we conclude $A_2 \in \mathcal{SN}$, and assuming $T_1 = \uparrow^{0}$, we conclude $A_1 \in \mathcal{SN}$.

Now we prove that $\lambda_{A_2}.M_2 \in \llbracket A_1 \rrbracket \to \llbracket B \rrbracket$. From Lemma 5.19, it suffices to prove that for any $N_1 \in \llbracket A_1 \rrbracket$, $(M_2[N_1 \cdot_{A_2} \uparrow^{0}]){\downarrow}_{\Pi_{\mathcal{L}}} \subseteq \llbracket B \rrbracket$. Let $N_2 \in (M_2[N_1 \cdot_{A_2} \uparrow^{0}]){\downarrow}_{\Pi_{\mathcal{L}}}$ and $T_2 \in (\Uparrow_{A_1}(T) \circ (N_1 \cdot_{A_2} \uparrow^{0})){\downarrow}_{\Pi_{\mathcal{L}}}$. We verify that $|N_2| = |(M_1[T_2]){\downarrow}_{\Pi_{\mathcal{L}}}|$ and $T_2 \in \llbracket A_1.\Gamma \rrbracket$. Therefore, by induction hypothesis on $M_1$, $(M_1[T_2]){\downarrow}_{\Pi_{\mathcal{L}}} \subseteq \llbracket B \rrbracket$. But $\mathsf{N}(N_2) \subseteq \mathcal{SN}$, thus, $N_2 \in \llbracket B \rrbracket$ by Def. 5.4(4). □

Now, we show that $\beta\Pi_{\mathcal{L}}$ is strongly normalizing on well-typed expressions.

Lemma 5.21 (Strong normalization of $\beta\Pi_{\mathcal{L}}$). Let $M$ be a term in $\mathcal{NF}$ and $S$ be a substitution in $\mathcal{NF}$.

1. If $\Sigma;\Gamma \vdash M : A$, then $M \in \mathcal{SN}$, and

2. if $\Sigma;\Gamma \vdash S \rhd \Delta$, then $S \in \mathcal{SN}$.

Proof. By Def. 5.13, $\uparrow^{0} \in \llbracket \Gamma \rrbracket$.

1. By Lemma 5.20, $M \in (M[\uparrow^{0}]){\downarrow}_{\Pi_{\mathcal{L}}} \subseteq \llbracket A \rrbracket$. By Corollary 5.12 and Def. 5.4(1), $\llbracket A \rrbracket \subseteq \mathcal{SN}$.

2. By Lemma 5.20, $S \in (S \circ \uparrow^{0}){\downarrow}_{\Pi_{\mathcal{L}}} \subseteq \llbracket \Delta \rrbracket$, and by Lemma 5.14, $\llbracket \Delta \rrbracket \subseteq \mathcal{SN}$. □

Finally, we prove weak normalization on well-typed $\lambda\Pi_{\mathcal{L}}$-expressions.

Theorem 5.22 (Weak normalization). Let $M$ be a term in $\lambda\Pi_{\mathcal{L}}$ and $S$ a substitution in $\lambda\Pi_{\mathcal{L}}$.

1. If $\Sigma;\Gamma \vdash M : A$, then $M$ is weakly normalizing, and

2. if $\Sigma;\Gamma \vdash S \rhd \Delta$, then $S$ is weakly normalizing.

Therefore, $M$ and $S$ have $\lambda\Pi_{\mathcal{L}}$-normal forms.

Proof. By Lemma 2.1 there exist $M_1, S_1 \in \mathcal{NF}$ such that $M \to^{*}_{\Pi_{\mathcal{L}}} M_1$ and $S \to^{*}_{\Pi_{\mathcal{L}}} S_1$. The subject reduction theorem (Theorem 4.3) states that typing is preserved under reductions. Hence, $\Sigma;\Gamma \vdash M_1 : A$ and $\Sigma;\Gamma \vdash S_1 \rhd \Delta$. Therefore, by Lemma 5.21, $M_1$ and $S_1$ are both in $\mathcal{SN}$. Finally, note that $\beta\Pi_{\mathcal{L}}$-normal forms in $\mathcal{NF}$ are $\lambda\Pi_{\mathcal{L}}$-normal forms, too. □

5 . 2 . Confluence. The Church-Rosser property states that if two well-typed expressions are convertible, 
then they are joinable. The confluence property states that all the reductions of a well-typed expression are 
joinable. 

We need the following lemma coined in [44]. 

Lemma 5.23. Let $x$ and $y$ be $\lambda\Pi_{\mathcal{L}}$-normal forms such that $x =_{\lambda\Pi_{\mathcal{L}}} y$. Then, $x = y$ if

• $x$ is a term, $\Sigma;\Gamma_1 \vdash x : A$ and $\Sigma;\Gamma_2 \vdash y : B$, or

• $x$ is a substitution, $\Sigma;\Gamma_1 \vdash x \rhd \Delta_1$, $\Sigma;\Gamma_2 \vdash y \rhd \Delta_2$, and $\Delta_1 =_{\lambda\Pi_{\mathcal{L}}} \Delta_2$.

Proof. By Lemma 3.2(3), $|x|$ and $|y|$ are $\lambda\Pi^{\circ}$-normal forms, and by Lemma 3.2(1), $|x| =_{\lambda\Pi^{\circ}} |y|$. Since $\lambda\Pi^{\circ}$ is confluent (Theorem 3.7), $|x| = |y|$ holds. Finally, we proceed by structural induction on $x$. We use the fact that sub-terms of well-typed normal forms are well-typed normal forms. The only interesting case is $x = M[T]$. Since $x$ is a $\lambda\Pi_{\mathcal{L}}$-normal form, only two cases are possible:

• $M = 1$ and $T = \uparrow^{n+1}$. This case is trivial, since by Def. 3.1, $1[\uparrow^{n+1}] = |1[\uparrow^{n+1}]|$. Therefore, $x = y$.

• $M = X$, where $X$ is a meta-variable and $T \neq \uparrow^{0}$. By hypothesis, $y = X[T_1]$ where $|T| = |T_1|$. By Lemma 3.3, $T =_{\lambda\Pi_{\mathcal{L}}} T_1$. Let $\Delta$ be the type of $T$ and $\Delta_1$ the type of $T_1$. By the inversion of rule (Clos) applied to $x$ and $y$, it holds that $X$ is well-typed in both contexts $\Delta$ and $\Delta_1$. By inversion of rule (Metavar), $\Delta =_{\lambda\Pi_{\mathcal{L}}} \Delta_1$. Thus, by induction hypothesis, $T = T_1$, and thus, $x = y$. □

The above property is not valid when $\Delta_1 \neq_{\lambda\Pi_{\mathcal{L}}} \Delta_2$. Take, for example, the context

$\Gamma = m{:}(T\ 0) \to nat\,.\,0{:}nat\,.\,l{:}(\Pi n{:}nat.(T\ n))\,.\,T{:}nat \to \mathsf{Type}\,.\,nat{:}\mathsf{Type}$

and the two substitutions

$S_1 = [y := (l\ 0) \cdot_{(T\ x)} x := 0 \cdot_{nat} \uparrow^{0}]$

and

$S_2 = [y := (l\ 0) \cdot_{(T\ 0)} x := 0 \cdot_{nat} \uparrow^{0}].$

By Lemma 3.3, $S_1 =_{\lambda\Pi_{\mathcal{L}}} S_2$. Also,

$\Gamma \vdash S_1 \rhd y{:}(T\ x)\,.\,x{:}nat\,.\,\Gamma$

and

$\Gamma \vdash S_2 \rhd y{:}(T\ 0)\,.\,x{:}nat\,.\,\Gamma.$

In this case, the well-typed substitutions $S_1$ and $S_2$ are $=_{\lambda\Pi_{\mathcal{L}}}$-convertible, but they are not identical.

Theorem 5.24 (Church-Rosser). Let $x$ and $y$ be such that $x =_{\lambda\Pi_{\mathcal{L}}} y$. Then, $x$ and $y$ are $\lambda\Pi_{\mathcal{L}}$-joinable, i.e., there exists $w$ such that $x \to^{*}_{\lambda\Pi_{\mathcal{L}}} w$ and $y \to^{*}_{\lambda\Pi_{\mathcal{L}}} w$, if

1. $x$ is a term, $\Sigma;\Gamma_1 \vdash x : A$ and $\Sigma;\Gamma_2 \vdash y : B$, or

2. $x$ is a substitution, $\Sigma;\Gamma_1 \vdash x \rhd \Delta_1$, $\Sigma;\Gamma_2 \vdash y \rhd \Delta_2$, and $\Delta_1 =_{\lambda\Pi_{\mathcal{L}}} \Delta_2$.

Proof. By the weak normalization theorem (Theorem 5.22), there exist $\lambda\Pi_{\mathcal{L}}$-normal forms $x'$ and $y'$ such that $x \to^{*}_{\lambda\Pi_{\mathcal{L}}} x'$ and $y \to^{*}_{\lambda\Pi_{\mathcal{L}}} y'$. It suffices to show that $x' = y'$, which is a consequence of the subject reduction theorem (Theorem 4.3) and Lemma 5.23. □

Confluence of $\lambda\Pi_{\mathcal{L}}$ is a consequence of the Church-Rosser property (Theorem 5.24) and subject reduction (Theorem 4.3).

Corollary 5.25 (Confluence). Let $x$ be an arbitrary well-typed expression. If $x \to^{*}_{\lambda\Pi_{\mathcal{L}}} y$ and $x \to^{*}_{\lambda\Pi_{\mathcal{L}}} z$ for some $y, z$, then there exists $w$ such that $y \to^{*}_{\lambda\Pi_{\mathcal{L}}} w$ and $z \to^{*}_{\lambda\Pi_{\mathcal{L}}} w$.

Since $\lambda\Pi_{\mathcal{L}}$ enjoys both Church-Rosser and weak normalization, we have that $\lambda\Pi_{\mathcal{L}}$-normal forms of well-typed terms always exist and they are unique. Thus, the equivalence on well-typed expressions is decidable.

Corollary 5.26 (Decidability). The equivalence $x =_{\lambda\Pi_{\mathcal{L}}} y$ is decidable if

• $x$ is a term, $\Sigma;\Gamma_1 \vdash x : A$ and $\Sigma;\Gamma_2 \vdash y : B$, or

• $x$ is a substitution, $\Sigma;\Gamma_1 \vdash x \rhd \Delta$, $\Sigma;\Gamma_2 \vdash y \rhd \Delta$.

6. Related Work and Conclusion. Explicit substitutions and the let-in constructor of functional ML-style programming languages have similar characteristics. In both mechanisms the application of a substitution to a term can be delayed. For example, let $x := 0$ in $\lambda y{:}A.x$ will be unfolded to $\lambda y{:}A.0$, in the same way that $(\lambda y{:}A.x)[x := 0]$ reduces to $\lambda y{:}A.0$. In their simply-typed versions, explicit substitutions and let-in constructors act in the same way. However, in dependent-type systems, the relationship between both mechanisms is not immediate.
To illustrate this, let us take the typing rule for closures (explicit applications of substitutions to terms) in a dependent-type system:

$$\frac{\Gamma \vdash S \rhd \Delta \qquad \Delta \vdash M : A}{\Gamma \vdash M[S] : A[S]}\,(\mathrm{Clos}_d).$$

Consider the context

$\Gamma = m{:}(T\ 0) \to nat\,.\,x{:}nat\,.\,l{:}(\Pi n{:}nat.(T\ n))\,.\,T{:}nat \to \mathsf{Type}\,.\,nat{:}\mathsf{Type}.$

Using the above typing rule, the term $(m\ (l\ x))[x := 0]$ is ill-typed. This is because the information that the variable $x$ will be substituted by $0$ in $(m\ (l\ x))$ is not taken into account by rule $(\mathrm{Clos}_d)$. Therefore, the type of $(l\ x)$ is $(T\ x)$, but not $(T\ 0)$ as expected by $m$. On the other hand, the same term can be written using the let-in notation as: let $x := 0$ in $(m\ (l\ x))$. This term is well-typed because $x$ has the value $0$ in $(m\ (l\ x))$, and thus let $x := 0$ in $(m\ (l\ x))$ is going to be typed as $(m\ (l\ 0))$.

The unfolding of definitions before typing is not sufficient when we admit meta-variables. The reason is that substitutions and meta-variables may appear in normal forms. In this case, we cannot avoid having a $(\mathrm{Clos}_d)$-like rule. The approach we have taken is to consider explicit substitutions different from the let-in mechanism. The explicit substitution technique allows substitutions to be part of the formal language by means of special constructors and reduction rules. In this way, the term $(m\ (l\ x))[x := 0]$ is ill-typed, just as the term $(\lambda x{:}nat.(m\ (l\ x))\ 0)$ is. The let-in structure has a more complex behavior. It provides a mechanism for definitions in the language. Formal presentations of type systems with definitions are given in [41, 3].

Some type theories extended with explicit substitutions have been proposed: the Simple Type Theory [1, 27, 8, 21, 6], the Second-Order Type Theory [1], the Martin-Löf Type Theory [43], the Calculus of Constructions [39], and Pure Type Systems [2]. Except for the simply-typed version of $\lambda\sigma$ in [8], none of them considers terms with meta-variables as first-class objects.

Our main contribution is the complete meta-theoretical development of a dependent-type system with 
explicit substitutions which handles explicitly open expressions (i.e., expressions with meta-variables). The 
system enjoys the usual typing properties: type uniqueness, subject reduction, weak normalization, and 
confluence. Applications of such a calculus are frameworks for the representation of incomplete proofs, and 
first-order settings for higher-order unification problems. 

In this paper, we have presented the $\lambda\Pi$-theory. Although full polymorphism or inductive definitions are not considered in this theory, the main difficulties, due to the mutual dependence between terms and types, already arise in $\lambda\Pi$. Other theories, such as the Calculus of Constructions, can be considered as the logical framework for $\lambda\Pi_{\mathcal{L}}$ [34]. Note also that $\lambda\Pi_{\mathcal{L}}$ does not handle the $\eta$-rule. Extensional versions of explicit substitution calculi have been studied for ground terms [24]. However, work is necessary to understand the interaction with dependent types and meta-variables.